Diffstat (limited to 'retiolum/scripts')
-rwxr-xr-xretiolum/scripts/adv_graphgen/all_the_graphs.sh9
-rwxr-xr-xretiolum/scripts/adv_graphgen/anonytize.sh2
-rw-r--r--retiolum/scripts/adv_graphgen/find_super.py50
-rwxr-xr-xretiolum/scripts/adv_graphgen/parse_tinc_anon.py4
-rwxr-xr-xretiolum/scripts/adv_graphgen/parse_tinc_stats.py18
-rwxr-xr-xretiolum/scripts/adv_graphgen/sanitize.sh2
-rwxr-xr-xretiolum/scripts/adv_graphgen/tinc_stats2json (renamed from retiolum/scripts/adv_graphgen/tinc_stats.py)59
-rw-r--r--retiolum/scripts/github_listener/INSTALL13
-rw-r--r--retiolum/scripts/github_listener/README22
-rw-r--r--retiolum/scripts/github_listener/github_listener.conf5
-rwxr-xr-xretiolum/scripts/github_listener/handle_request23
-rwxr-xr-xretiolum/scripts/tinc_multicast/retiolum34
-rwxr-xr-xretiolum/scripts/tinc_multicast/retiolum.py349
-rw-r--r--retiolum/scripts/tinc_setup/bootstrap.sh11
-rwxr-xr-xretiolum/scripts/tinc_setup/install.sh8
-rwxr-xr-xretiolum/scripts/tinc_setup/new_install.sh407
-rw-r--r--retiolum/scripts/tinc_setup/write_channel.py27
17 files changed, 596 insertions, 447 deletions
diff --git a/retiolum/scripts/adv_graphgen/all_the_graphs.sh b/retiolum/scripts/adv_graphgen/all_the_graphs.sh
index 5533c722..d3ce8f86 100755
--- a/retiolum/scripts/adv_graphgen/all_the_graphs.sh
+++ b/retiolum/scripts/adv_graphgen/all_the_graphs.sh
@@ -4,11 +4,14 @@
echo "`date` begin all graphs" >> /tmp/build_graph
cd $(dirname $(readlink -f $0))
PATH=$PATH:../../../util/bin/
- export LOG_FILE=/var/log/retiolum.log
+ export LOG_FILE=/var/log/syslog
+ export TINC_LEGACY=true
+ EXTERNAL_FOLDER=/var/www/euer.krebsco.de/graphs/retiolum
+ INTERNAL_FOLDER=/var/www/euer/graphs/retiolum
begin=`timer`
export GRAPHITE_HOST="no_omo"
- (./anonytize.sh /srv/http/pub/graphs/retiolum/ && echo "`date` anonytize done" >> /tmp/build_graph)&
- (./sanitize.sh /srv/http/priv/graphs/retiolum/ && echo "`date` sanitize done" >> /tmp/build_graph)&
+ (./anonytize.sh $EXTERNAL_FOLDER && echo "`date` anonytize done" >> /tmp/build_graph)&
+ (./sanitize.sh $INTERNAL_FOLDER && echo "`date` sanitize done" >> /tmp/build_graph)&
# wait
graphitec "retiolum.graph.buildtime" "$(timer $begin)" >> /tmp/build_graph
echo "`date` end all graphs" >> /tmp/build_graph
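Review bot: The new `EXTERNAL_FOLDER`/`INTERNAL_FOLDER` values are passed unquoted on the `./anonytize.sh $EXTERNAL_FOLDER` and `./sanitize.sh $INTERNAL_FOLDER` lines, so a path containing whitespace or glob characters would be word-split before the scripts see it. Quote them: `(./anonytize.sh "$EXTERNAL_FOLDER" && ...)` and `(./sanitize.sh "$INTERNAL_FOLDER" && ...)`. The pre-existing `cd $(dirname $(readlink -f $0))` above has the same weakness, but the hunk does not touch it.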
diff --git a/retiolum/scripts/adv_graphgen/anonytize.sh b/retiolum/scripts/adv_graphgen/anonytize.sh
index d49793cb..b31f4dbb 100755
--- a/retiolum/scripts/adv_graphgen/anonytize.sh
+++ b/retiolum/scripts/adv_graphgen/anonytize.sh
@@ -11,7 +11,7 @@ TYPE2=png
OPENER=/bin/true
DOTFILE=`mktemp`
trap 'rm $DOTFILE' INT TERM
-sudo LOG_FILE=$LOG_FILE python tinc_stats.py |\
+sudo -E python tinc_stats2json |\
python parse_tinc_anon.py> $DOTFILE
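Review bot: `sudo -E python tinc_stats2json` hands the caller's entire environment to a root process, whereas the removed line forwarded only `LOG_FILE`; that environment includes the `PATH` that all_the_graphs.sh extends with the relative entry `../../../util/bin/`. Forward just the variables the script reads, in the form the old line already used: `sudo LOG_FILE="$LOG_FILE" TINC_NETWORK="${TINC_NETWORK:-retiolum}" TINC_LEGACY="${TINC_LEGACY:-}" python tinc_stats2json |\`. The identical change in sanitize.sh has the same issue.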
diff --git a/retiolum/scripts/adv_graphgen/find_super.py b/retiolum/scripts/adv_graphgen/find_super.py
new file mode 100644
index 00000000..df01734e
--- /dev/null
+++ b/retiolum/scripts/adv_graphgen/find_super.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+
+def find_super(path="/etc/tinc/retiolum/hosts"):
+ import os
+ import re
+
+ needle_addr = re.compile("Address\s*=\s*(.*)")
+ needle_port = re.compile("Port\s*=\s*(.*)")
+ for f in os.listdir(path):
+ with open(path+"/"+f) as of:
+ addrs = []
+ port = "655"
+
+ for line in of.readlines():
+
+ addr_found = needle_addr.match(line)
+ if addr_found:
+ addrs.append(addr_found.group(1))
+
+ port_found = needle_port.match(line)
+ if port_found:
+ port = port_found.group(1)
+
+ if addrs : yield (f ,[(addr ,int(port)) for addr in addrs])
+
+def check_super(path="/etc/tinc/retiolum/hosts"):
+ from socket import socket,AF_INET,SOCK_STREAM
+ for host,addrs in find_super(path):
+ valid_addrs = []
+ for addr in addrs:
+ try:
+ s = socket(AF_INET,SOCK_STREAM)
+ s.settimeout(3)
+ s.connect(addr)
+ #print("success connecting %s:%d"%(addr))
+ s.settimeout(None)
+ s.close()
+ valid_addrs.append(addr)
+ except Exception as e:
+ pass
+ #print("cannot connect to %s:%d"%(addr))
+ if valid_addrs: yield (host,valid_addrs)
+
+
+if __name__ == "__main__":
+ """
+ usage
+ """
+ for host,addrs in check_super():
+ print host,addrs
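Review bot: In `check_super`, a failed `s.connect(addr)` leaves the socket open — `s.close()` is only reached on success — so every unreachable address leaks a descriptor until garbage collection, and `except Exception` also hides programming errors such as a malformed port. `from socket import create_connection, error` and replacing the five socket lines with `create_connection(addr, timeout=3).close()` guarded by `except error: continue` closes the socket on every path (`create_connection` raises `socket.error` subclasses, including `timeout` and `gaierror`). In `find_super`, `os.listdir(path)` returns every entry, so a subdirectory or unreadable file under the hosts directory would make `open(path+"/"+f)` raise out of the generator; `if not os.path.isfile(os.path.join(path, f)): continue` keeps one odd entry from aborting the whole scan. The bare `"""usage"""` string in the `__main__` block is a no-op expression rather than documentation; make it a comment or a real usage message.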
diff --git a/retiolum/scripts/adv_graphgen/parse_tinc_anon.py b/retiolum/scripts/adv_graphgen/parse_tinc_anon.py
index e0bea913..21c36e0f 100755
--- a/retiolum/scripts/adv_graphgen/parse_tinc_anon.py
+++ b/retiolum/scripts/adv_graphgen/parse_tinc_anon.py
@@ -15,7 +15,7 @@ try:
sys.stderr.write("connecting to %s:%d"%(host,port))
s.connect((host,port))
except Exception as e:
- print >>sys.stderr, "Cannot connect to graphite: " + str(e)
+ sys.stderr.write( "Cannot connect to graphite: " + str(e))
""" TODO: Refactoring needed to pull the edges out of the node structures again,
it should be easier to handle both structures"""
DUMP_FILE = "/krebs/db/availability"
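Review bot: The new `sys.stderr.write( "Cannot connect to graphite: " + str(e))` drops the newline that `print >>sys.stderr` used to emit, so the message runs into whatever is written to stderr next; the sibling line in parse_tinc_stats.py already ends its message with `\n`. Use the same form: `sys.stderr.write("Cannot connect to graphite: %s\n" % e)`. The enclosing `try` starts before the hunk.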
@@ -151,4 +151,4 @@ try:
msg = '%s.graph.anon_build_time %d %d\r\n' % (g_path,((end-begin)*1000),end)
s.send(msg)
s.close()
-except Exception as e: print >>sys.stderr, e
+except Exception as e: pass
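Review bot: `except Exception as e: pass` turns a failed graphite send at the end of the script into a silent no-op, where the removed line at least reported it; a reset or closed socket will now go unnoticed in the build log. Keeping the report on stderr costs one line and does not touch stdout (the dot output): `except Exception as e: sys.stderr.write("graphite send failed: %s\n" % e)`. The `write_stat_node` hunk in parse_tinc_stats.py makes the same change (its old line printed to stdout, which was a real bug) and would benefit from the same stderr form. The enclosing `try` starts before the hunk.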
diff --git a/retiolum/scripts/adv_graphgen/parse_tinc_stats.py b/retiolum/scripts/adv_graphgen/parse_tinc_stats.py
index 16f4f795..76a3ffcd 100755
--- a/retiolum/scripts/adv_graphgen/parse_tinc_stats.py
+++ b/retiolum/scripts/adv_graphgen/parse_tinc_stats.py
@@ -2,6 +2,7 @@
# -*- coding: utf8 -*-
from BackwardsReader import BackwardsReader
import sys,json
+from find_super import check_super
try:
from time import time
import socket
@@ -16,10 +17,13 @@ try:
except Exception as e:
sys.stderr.write("Cannot connect to graphite: %s\n" % str(e))
-supernodes= [ "kaah","supernode","euer","pa_sharepoint","oxberg" ]
+supernodes= [ ]
+for supernode,addr in check_super():
+ supernodes.append(supernode)
""" TODO: Refactoring needed to pull the edges out of the node structures again,
it should be easier to handle both structures"""
DUMP_FILE = "/krebs/db/availability"
+
def write_digraph(nodes):
"""
writes the complete digraph in dot format
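Review bot: The module-level loop `for supernode,addr in check_super(): supernodes.append(supernode)` runs a TCP probe of every supernode address at import time, with a 3-second timeout per address according to find_super.py, so the dot output is delayed by the number of unreachable addresses before any parsing starts; the unused `addr` binding also suggests a comprehension, `supernodes = [name for name, _ in check_super()]`. If that cost shows up in the graph build timer, consider computing the list once and passing it in rather than probing on every run. A comment is also warranted that `check_super` reads `/etc/tinc/retiolum/hosts` by default, which the user running this script (it is not under `sudo` in sanitize.sh) must be able to read.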
@@ -53,8 +57,7 @@ def write_stat_node(nodes):
try:
msg = '%s.num_nodes %d %d\r\n' %(g_path,num_nodes,begin)
s.send(msg)
- #print >>sys.stderr, msg
- except Exception as e: print sys.stderr,e
+ except Exception as e: pass
#except: pass
for k,v in nodes.iteritems():
num_conns+= len(v['to'])
@@ -82,8 +85,7 @@ def generate_stats(nodes):
jlines.append(jline)
lines_to_use -=1
- except Exception,e:
- sys.stderr.write(str(e))
+ except Exception,e: sys.stderr.write(str(e))
for k,v in nodes.iteritems():
conns = v.get('to',[])
for c in conns: #sanitize weights
@@ -169,7 +171,11 @@ def write_node(k,v):
for addr in v.get('internal-ip',['¯\\\\(°_o)/¯']):
node += "internal:"+addr+"\\l"
node +="\""
- if k in supernodes:
+
+ # warning if node only has one connection
+ if v['num_conns'] == 1:
+ node += ",fillcolor=red"
+ elif k in supernodes:
node += ",fillcolor=steelblue1"
#node +=",group=\""+v['external-ip'].replace(".","")+"\""
node += "]"
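Review bot: `if v['num_conns'] == 1:` indexes a key that nothing in this hunk guarantees, while the neighbouring attribute reads in `write_node` use `v.get(...)` with a default (e.g. `v.get('internal-ip', ...)` two lines above); if any node lacks `num_conns`, the whole graph write raises KeyError. Unless every node is known to carry it, write `if v.get('num_conns') == 1:` — the `elif k in supernodes` branch is unchanged. A supernode with a single connection is now drawn red rather than steelblue, which looks intended but deserves a word in the comment. `write_node` begins before the hunk.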
diff --git a/retiolum/scripts/adv_graphgen/sanitize.sh b/retiolum/scripts/adv_graphgen/sanitize.sh
index c46662f3..45d29a22 100755
--- a/retiolum/scripts/adv_graphgen/sanitize.sh
+++ b/retiolum/scripts/adv_graphgen/sanitize.sh
@@ -11,7 +11,7 @@ TYPE2=png
OPENER=/bin/true
DOTFILE=`mktemp`
trap 'rm $DOTFILE' INT TERM
-sudo LOG_FILE=$LOG_FILE python tinc_stats.py |\
+sudo -E python tinc_stats2json |\
python parse_tinc_stats.py > $DOTFILE
diff --git a/retiolum/scripts/adv_graphgen/tinc_stats.py b/retiolum/scripts/adv_graphgen/tinc_stats2json
index d0d47aff..ede19b26 100755
--- a/retiolum/scripts/adv_graphgen/tinc_stats.py
+++ b/retiolum/scripts/adv_graphgen/tinc_stats2json
@@ -1,13 +1,17 @@
#!/usr/bin/python
-from BackwardsReader import BackwardsReader
+import subprocess
import os
import re
import sys
import json
-TINC_NETWORK = os.environ.get("TINC_NETWORK","retiolum")
-os.environ["LOG_FILE"]
+
+TINC_NETWORK =os.environ.get("TINC_NETWORK","retiolum")
+
+# is_legacy is the parameter which defines if the tinc config files are handled old fashioned (parse from syslog),
+# or if the new and hip tincctl should be used
+is_legacy= os.environ.get("TINC_LEGACY",False)
SYSLOG_FILE = os.environ.get("LOG_FILE","/var/log/everything.log")
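Review bot: `is_legacy= os.environ.get("TINC_LEGACY",False)` is true for any non-empty string, so `TINC_LEGACY=false` or `TINC_LEGACY=0` would still select the syslog path; the only way to get the tincctl path is to leave the variable unset or empty, and the comment above does not say so. Parse the value explicitly, `is_legacy = os.environ.get("TINC_LEGACY", "").lower() in ("1", "true", "yes")`, which keeps all_the_graphs.sh's `export TINC_LEGACY=true` working. The comment can then state the accepted values.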
@@ -21,11 +25,14 @@ BEGIN_EDGES = "Edges:"
END_EDGES = "End of edges."
def get_tinc_block(log_file):
- """ returns an iterateable block from the given log file (syslog) """
+ """ returns an iterateable block from the given log file (syslog)
+ This function became obsolete with the introduction of tincctl
+ """
+ from BackwardsReader import BackwardsReader
tinc_block = []
in_block = False
bf = BackwardsReader(log_file)
- BOL = re.compile(".*tinc.retiolum\[[0-9]+\]: ")
+ BOL = re.compile(".*tinc.%s\[[0-9]+\]: " % TINC_NETWORK)
while True:
line = bf.readline()
if not line:
@@ -44,6 +51,37 @@ def get_tinc_block(log_file):
break
return reversed(tinc_block)
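Review bot: `BOL = re.compile(".*tinc.%s\[[0-9]+\]: " % TINC_NETWORK)` interpolates the network name into a regular expression unescaped, so a name containing `.`, `+` or a bracket changes the pattern's meaning instead of being matched literally; use `re.escape(TINC_NETWORK)`. The `.` after `tinc` is also an unescaped wildcard inherited from the old line. Moving the `BackwardsReader` import into `get_tinc_block` is consistent with the docstring now marking the function as legacy-only.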
+def parse_new_input():
+ nodes = {}
+ pnodes = subprocess.Popen(["tincctl","-n",TINC_NETWORK,"dump","reachable","nodes"], stdout=subprocess.PIPE).communicate()[0]
+ #pnodes = subprocess.check_output(["tincctl","-n",TINC_NETWORK,"dump","reachable","nodes"])
+ for line in pnodes.split('\n'):
+ if not line: continue
+ l = line.split()
+ nodes[l[0]]= { 'external-ip': l[2], 'external-port' : l[4] }
+ psubnets = subprocess.check_output(["tincctl","-n",TINC_NETWORK,"dump","subnets"])
+ for line in psubnets.split('\n'):
+ if not line: continue
+ l = line.split()
+ try:
+ if not nodes[l[2]].get('internal-ip',False):
+ nodes[l[2]]['internal-ip'] = []
+ nodes[l[2]]['internal-ip'].append(l[0].split('#')[0])
+ except KeyError:
+ pass # node does not exist (presumably)
+ pedges = subprocess.check_output(["tincctl","-n",TINC_NETWORK,"dump","edges"])
+ for line in pedges.split('\n'):
+ if not line: continue
+ l = line.split()
+ try:
+ if not nodes[l[0]].has_key('to') :
+ nodes[l[0]]['to'] = []
+ nodes[l[0]]['to'].append(
+ {'name':l[2],'addr':l[4],'port':l[6],'weight' : l[10] })
+ except KeyError:
+ pass #node does not exist
+ return nodes
+
def parse_input(log_data):
nodes={}
for line in log_data:
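Review bot: `parse_new_input` parses the three `tincctl dump` outputs by fixed token position (`l[2]`, `l[4]`, `l[10]`) but only catches `KeyError`, so a line with fewer tokens than expected raises IndexError and aborts the whole dump, while a missing node is silently skipped. Catch both where a line is indexed, `except (KeyError, IndexError): pass`, or validate `len(l)` once per line. The nodes query uses `subprocess.Popen(...).communicate()[0]`, which ignores tincctl's exit status, while the subnets and edges queries use `check_output` and would raise `CalledProcessError`; the commented-out `check_output` line suggests picking one form and deleting the other. The `get`/`has_key` guards can be `nodes[l[2]].setdefault('internal-ip', []).append(l[0].split('#')[0])` and `nodes[l[0]].setdefault('to', []).append({...})`.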
@@ -68,7 +106,6 @@ def parse_input(log_data):
if END_EDGES in line :
break
l = line.replace('\n','').split()
-
if not nodes[l[0]].has_key('to') :
nodes[l[0]]['to'] = []
nodes[l[0]]['to'].append(
@@ -78,6 +115,10 @@ def parse_input(log_data):
if __name__ == '__main__':
import subprocess,time
- subprocess.call(["pkill","-SIGUSR2", "tincd"])
- time.sleep(1)
- print json.dumps(parse_input((get_tinc_block(SYSLOG_FILE))))
+ if is_legacy:
+ subprocess.call(["pkill","-SIGUSR2", "tincd"])
+ time.sleep(1)
+ print json.dumps(parse_input((get_tinc_block(SYSLOG_FILE))))
+ else:
+ print json.dumps(parse_new_input())
+
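Review bot: In the legacy branch, `subprocess.call(["pkill","-SIGUSR2", "tincd"])` signals every tincd process on the host, not just the daemon serving `TINC_NETWORK`, even though the rest of the file is now parameterised by that variable; via `sudo -E` this runs as root. tinc can address a single network's daemon: `subprocess.call(["tincd", "-n", TINC_NETWORK, "--kill=USR2"])`. The inner `import subprocess,time` now duplicates the top-level `import subprocess`, and the file gains a trailing blank line.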
diff --git a/retiolum/scripts/github_listener/INSTALL b/retiolum/scripts/github_listener/INSTALL
new file mode 100644
index 00000000..20c0845c
--- /dev/null
+++ b/retiolum/scripts/github_listener/INSTALL
@@ -0,0 +1,13 @@
+# HowTo
+
+ useradd -r tinc
+ mkdir -p /opt/
+ git init github_listener
+ git remote add -f origin https://github.com/krebscode/painload.git
+ git config core.sparsecheckout true
+ echo retiolum/hosts/ >> .git/info/sparse-checkout
+ git pull origin master
+ ln -s $static_painload/retiolum/{scripts,bin} retiolum/
+ cp scripts/github_listener/github_listener.conf /etc/supervisor/conf.d/
+ cd ..
+ chown tinc:tinc -R github_listener
diff --git a/retiolum/scripts/github_listener/README b/retiolum/scripts/github_listener/README
new file mode 100644
index 00000000..57c30896
--- /dev/null
+++ b/retiolum/scripts/github_listener/README
@@ -0,0 +1,22 @@
+GITHUB_LISTENER
+===============
+
+The github listener is an application which listens for github post-receive
+hook calls and runs a script each time currently the github listener is
+used to create a tarball of all nodes in the retiolum darknet. the current
+tarball can be retrieved at http://euer.krebsco.de/retiolum/hosts.tar
+
+listen script
+=============
+
+the listen script is a quick hack which runs netcat in an e-loop together
+with a "logger" command to signalise successful tarball generation.
+
+
+github_listener.conf
+===================
+the supervisor config file
+
+References
+==========
+also see //retiolum/doc/git_checkout_only_hosts
diff --git a/retiolum/scripts/github_listener/github_listener.conf b/retiolum/scripts/github_listener/github_listener.conf
new file mode 100644
index 00000000..c4f0a8b6
--- /dev/null
+++ b/retiolum/scripts/github_listener/github_listener.conf
@@ -0,0 +1,5 @@
+[program:github_listener]
+command=nc -lvv -p 5432 -c "./handle_request /opt/github_listener/retiolum/hosts /var/www/euer.krebsco.de/retiolum/"
+user=tinc
+directory=/krebs/retiolum/scripts/github_listener/
+autorestart=true
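Review bot: `command=nc -lvv -p 5432 -c "./handle_request ..."` runs the handler for any TCP connection that reaches port 5432, with no check that the caller is the GitHub hook or that a payload was sent at all, so every connection triggers a `git pull` and a tarball rebuild as the `tinc` user; the listener should at least be bound to a specific address and be reachable only from the hook's source, and the README's "quick hack" caveat deserves a matching comment here. The `directory=/krebs/retiolum/scripts/github_listener/` line also does not match the `/opt/github_listener/retiolum/hosts` path passed in `command` or the INSTALL steps under `/opt/`; presumably one of them is stale. Since `nc` exits after each connection, `autorestart=true` is what makes the one-shot `-c` form work — worth a comment.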
diff --git a/retiolum/scripts/github_listener/handle_request b/retiolum/scripts/github_listener/handle_request
new file mode 100755
index 00000000..5b42524a
--- /dev/null
+++ b/retiolum/scripts/github_listener/handle_request
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Possible Shell Vars
+# WEBDIR
+# HOSTFOLDER
+set -euf
+if [ "x${2:-}" = x ];then
+ echo "usage: $0 HOSTDIRECTORY WEBDIRECTORY"
+ exit 1
+fi
+export HOSTDIR=${1:-../../hosts}
+WEBDIR=${2:-/var/www/euer.krebsco.de/retiolum/}
+echo "sorry for keeping you waiting, please be patient"
+
+cd $(dirname $(readlink -f $0))
+
+cd "$HOSTDIR"
+git pull origin master >&2
+echo "First step done"
+cd - >&2
+../../bin/create-supernode-tar $WEBDIR
+echo "almost done..."
+../../bin/create-host-tar $WEBDIR
+echo "Thank you for your patience!"
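Review bot: The stdout of `../../bin/create-supernode-tar $WEBDIR` and `../../bin/create-host-tar $WEBDIR` is not redirected, so whatever those helpers print goes back over the socket to the remote caller along with the progress messages, while the `git pull` and `cd -` lines send theirs to stderr; redirect the helpers the same way, `../../bin/create-supernode-tar "$WEBDIR" >&2`, and quote `$WEBDIR`. The `${1:-../../hosts}` and `${2:-/var/www/...}` defaults are dead code: the usage check above exits unless `$2` is set, and `$1` is always set when `$2` is. The `# Possible Shell Vars WEBDIR HOSTFOLDER` header does not match the script, which takes both values as positional arguments.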
diff --git a/retiolum/scripts/tinc_multicast/retiolum b/retiolum/scripts/tinc_multicast/retiolum
deleted file mode 100755
index 1d6b775f..00000000
--- a/retiolum/scripts/tinc_multicast/retiolum
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-TINCNAME='retiolum'
-case "$1" in
- start)
- stat_busy "Starting retiolum Daemon"
- success=0
- /home/death/git/retiolum/.scripts/tinc_multicast/retiolum.py -n retiolum -T &
- sleep 2
- if [ $success -eq 0 ]; then
- add_daemon retiolum
- stat_done
- else
- stat_fail
- fi
- ;;
- stop)
- stat_busy "Stopping retiolum Daemon"
- kill `cat /var/lock/retiolum.retiolum`
- rm_daemon retiolum
- stat_done
- ;;
- restart)
- $0 stop
- sleep 4
- $0 start
- ;;
- *)
- echo "usage $0 {start¦stop¦restart}"
-esac
-exit 0
diff --git a/retiolum/scripts/tinc_multicast/retiolum.py b/retiolum/scripts/tinc_multicast/retiolum.py
deleted file mode 100755
index 8cf57471..00000000
--- a/retiolum/scripts/tinc_multicast/retiolum.py
+++ /dev/null
@@ -1,349 +0,0 @@
-#!/usr/bin/python2
-import sys, os, time, signal, socket, subprocess, thread, random, Queue, binascii, logging, hashlib, urllib2 #these should all be in the stdlib
-from optparse import OptionParser
-
-def pub_encrypt(hostname_t, text): #encrypt data with public key
- logging.debug("encrypt: " + text)
- if hostname_t.find("`") != -1: return(-1)
- try:
- enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64 -w0")
- return(enc_text.read())
- except:
- return(-1)
-
-def priv_decrypt(enc_data): #decrypt data with private key
- if enc_data.find("`") != -1: return(-1)
- dec_text = subprocess.os.popen("echo '" + enc_data + "' | base64 -d | openssl rsautl -inkey /etc/tinc/" + netname + "/rsa_key.priv -decrypt")
- return(dec_text.read())
-
-def address2hostfile(hostname, address): #adds address to hostsfile or restores it if address is empty
- hostfile = "/etc/tinc/" + netname + "/hosts/" + hostname
- addr_file = open(hostfile, "r")
- addr_cache = addr_file.readlines()
- addr_file.close()
- if address != "":
- addr_cache.insert(0, "Address = " + address + "\n")
- addr_file = open(hostfile, "w")
- addr_file.writelines(addr_cache)
- addr_file.close
- logging.info("sending SIGHUP to tinc deamon!")
- tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True)
- else:
- recover = subprocess.os.popen("tar xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/ " + hostname)
-
-def findhostinlist(hostslist, hostname, ip): #finds host + ip in list
- for line in xrange(len(hostslist)):
- if hostname == hostslist[line][0] and ip == hostslist[line][1]:
- return line
- return -1 #nothing found
-
-def getHostname(netname):
- tconf = open("/etc/tinc/" + netname + "/tinc.conf", "r")
- feld = tconf.readlines()
- tconf.close()
- for x in feld:
- if x.startswith("Name"):
- return str(x.partition("=")[2].lstrip().rstrip("\n"))
-
- print("hostname not found!")
- return -1 #nothing found
-
-def get_hostfiles(url_files, url_md5sum):
- try:
- get_hosts_tar = urllib2.urlopen(url_files)
- get_hosts_md5 = urllib2.urlopen(url_md5sum)
- hosts_tar = get_hosts_tar.read()
- hosts_md5 = get_hosts_md5.read()
-
- if str(hosts_md5) == str(hashlib.md5(hosts_tar).hexdigest() + " hosts.tar.gz\n"):
- hosts = open("/etc/tinc/" + netname + "/hosts/hosts.tar.gz", "w")
- hosts.write(hosts_tar)
- hosts.close()
- else:
- logging.error("hosts.tar.gz md5sum check failed!")
- except:
- logging.error("hosts file download failed!")
-
-
-####Thread functions
-
-
-def sendthread(sendfifo, ghostmode): #send to multicast, sends keep alive packets
- while True:
- try:
- #{socket init start
- ANY = "0.0.0.0"
- SENDPORT = 23542
- MCAST_ADDR = "224.168.2.9"
- MCAST_PORT = 1600
-
- sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #initalize socket with udp
- sock.bind((ANY,SENDPORT)) #now bound to Interface and Port
- sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #activate multicast
- #}socket init end
-
- if ghostmode == 0:
-
- i = 9
-
- while True:
- i += 1
- if not sendfifo.empty():
- sock.sendto(sendfifo.get(), (MCAST_ADDR,MCAST_PORT) )
- logging.info("send: sending sendfifo")
- else:
- time.sleep(1)
- if i == 10:
- sock.sendto("#Stage1#" + netname + "#" + hostname + "#", (MCAST_ADDR,MCAST_PORT) )
- logging.debug("send: sending keep alive")
- i = 0
- else:
- while True:
- if not sendfifo.empty():
- sock.sendto(sendfifo.get(), (MCAST_ADDR,MCAST_PORT) )
- logging.info("send: sending sendfifo")
- else:
- time.sleep(1)
-
- except:
- logging.error("send: socket init failed")
- time.sleep(10)
-
-
-
-def recvthread(timeoutfifo, authfifo): #recieves input from multicast, send them to timeout or auth
- while True:
- try:
- ANY = "0.0.0.0"
- MCAST_ADDR = "224.168.2.9"
- MCAST_PORT = 1600
-
- sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) #create a UDP socket
- sock.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1) #allow multiple sockets to use the same PORT number
- sock.bind((ANY,MCAST_PORT)) #Bind to the port that we know will receive multicast data
- sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255) #tell the kernel that we are a multicast socket
-
-
- status = sock.setsockopt(socket.IPPROTO_IP,
- socket.IP_ADD_MEMBERSHIP, #Tell the kernel that we want to add ourselves to a multicast group
- socket.inet_aton(MCAST_ADDR) + socket.inet_aton(ANY)); #The address for the multicast group is the third param
-
- while True:
- while True:
-
- try:
- data, addr = sock.recvfrom(1024)
- ip, port = addr
- break
- except socket.error, e:
- pass
-
- logging.debug("recv: got data")
- dataval = data.split("#")
- if dataval[0] == "":
- if dataval[2] == netname:
- if dataval[1] == "Stage1":
- if dataval[3] != hostname:
- timeoutfifo.put(["tst", dataval[3], ip])
- logging.info("recv: got Stage1: writing data to timeout")
- logging.debug("recv: ;tst;" + dataval[3] + ";" + ip)
- if dataval[1] == "Stage2":
- if dataval[3] == hostname:
- authfifo.put([dataval[1], dataval[3], ip, dataval[4]])
- logging.info("recv: got Stage2: writing data to auth")
- logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4])
- if dataval[1] == "Stage3":
- if dataval[3] != hostname:
- authfifo.put([dataval[1], dataval[3], ip, dataval[4]])
- logging.info("recv: got Stage3: writing data to auth")
- logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4])
- except:
- logging.error("recv: socket init failed")
- time.sleep(10)
-
-def timeoutthread(timeoutfifo, authfifo): #checks if the hostname is already in the list, deletes timeouted nodes
-# hostslist = [] #hostname, ip, timestamp
-
- while True:
- if not timeoutfifo.empty():
- curhost = timeoutfifo.get()
- if curhost[0] == "add":
- with hostslock:
- hostslist.append([curhost[1], curhost[2], time.time()])
- address2hostfile(curhost[1], curhost[2])
- logging.info("adding host to hostslist")
- elif curhost[0] == "tst":
- with hostslock:
- line = findhostinlist(hostslist, curhost[1], curhost[2])
- if line != -1:
- hostslist[line][2] = time.time()
- logging.debug("timeout: refreshing timestamp of " + hostslist[line][0])
- else:
- authfifo.put(["Stage1", curhost[1], curhost[2]])
- logging.info("timeout: writing to auth")
-
- else:
- i = 0
- with hostslock:
- while i < len(hostslist):
- if time.time() - hostslist[i][2] > 60:
- address2hostfile(hostslist[i][0], "")
- hostslist.remove(hostslist[i])
- logging.info("timeout: deleting dead host")
- else:
- i += 1
- time.sleep(2)
-
-def auththread(authfifo, sendfifo, timeoutfifo): #manages authentication with clients (bruteforce sensitve, should be fixed)
- authlist = [] #hostname, ip, Challenge, timestamp
-
-
- while True:
- try:
- if not authfifo.empty():
- logging.debug("auth: authfifo is not empty")
- curauth = authfifo.get()
- if curauth[0] == "Stage1":
- line = findhostinlist(authlist, curauth[1], curauth[2])
- if line == -1:
- challengenum = random.randint(0,65536)
- encrypted_message = pub_encrypt(curauth[1], "#" + hostname + "#" + str(challengenum) + "#")
- authlist.append([curauth[1], curauth[2], challengenum, time.time()])
- else:
- encrypted_message = pub_encrypt(authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#")
- if encrypted_message == -1:
- logging.info("auth: RSA Encryption Error")
- else:
- sendtext = "#Stage2#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#"
- sendfifo.put(sendtext)
- logging.info("auth: got Stage1 sending now Stage2")
- logging.debug("auth: " + sendtext)
-
- if curauth[0] == "Stage2":
- dec_message = priv_decrypt(curauth[3])
- splitmes = dec_message.split("#")
- if splitmes[0] == "":
- encrypted_message = pub_encrypt(splitmes[1], "#" + splitmes[2] + "#")
- if encrypted_message == -1:
- logging.error("auth: RSA Encryption Error")
- else:
- sendtext = "#Stage3#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#"
- sendfifo.put(sendtext)
- logging.info("auth: got Stage2 sending now Stage3")
- logging.debug("auth: " + sendtext)
-
- if curauth[0] == "Stage3":
- line = findhostinlist(authlist, curauth[1], curauth[2])
- if line != -1:
- dec_message = priv_decrypt(curauth[3])
- splitmes = dec_message.split("#")
- logging.info("auth: checking challenge")
- if splitmes[0] == "":
- if splitmes[1] == str(authlist[line][2]):
- timeoutfifo.put(["add", curauth[1], curauth[2]])
- del authlist[line]
- logging.info("auth: Stage3 checked, sending now to timeout")
- else: logging.error("auth: challenge checking failed")
- else: logging.error("auth: decryption failed")
-
- else:
- i = 0
- while i < len(authlist):
- if time.time() - authlist[i][3] > 120:
- del authlist[i]
- logging.info("auth: deleting timeoutet auth")
- else:
- i += 1
- time.sleep(1)
- except:
- logging.error("auth: thread crashed")
-
-def process_start(): #starting of the process
- #download and untar hostfile
- logging.info("downloading hostfiles")
- get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter
- tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True)
-
- #initialize fifos
- sendfifo = Queue.Queue() #sendtext
- authfifo = Queue.Queue() #Stage{1, 2, 3} hostname ip enc_data
- timeoutfifo = Queue.Queue() #State{tst, add} hostname ip
-
- #start threads
- thread_recv = thread.start_new_thread(recvthread, (timeoutfifo, authfifo))
- thread_send = thread.start_new_thread(sendthread, (sendfifo, option.ghost))
- thread_timeout = thread.start_new_thread(timeoutthread, (timeoutfifo, authfifo))
- thread_auth = thread.start_new_thread(auththread, (authfifo, sendfifo, timeoutfifo))
-
-def process_restart(signum, frame):
- logging.error("root: restarting process")
- with hostslock:
- del hostslist[:]
- #download and untar hostfile
- logging.info("downloading hostfiles")
- get_hostfiles("http://vpn.miefda.org/hosts.tar.gz", "http://vpn.miefda.org/hosts.md5") #Currently Hardcoded, should be editable by config or parameter
- tar = subprocess.call(["tar -xzf /etc/tinc/" + netname + "/hosts/hosts.tar.gz -C /etc/tinc/" + netname + "/hosts/"], shell=True)
-
- logging.info("sending SIGHUP")
- tincd_ALRM = subprocess.call(["tincd -n " + netname + " --kill=HUP" ],shell=True)
-
-def kill_process(signum, frame):
- logging.error("got SIGINT/SIGTERM exiting now")
- os.remove("/var/lock/retiolum." + netname)
- if option.tinc != False:
- stop_tincd = subprocess.call(["tincd -n " + netname + " -k"],shell=True)
- sys.exit(0)
-
-#Program starts here!
-
-parser = OptionParser()
-parser.add_option("-n", "--netname", dest="netname", help="the netname of the tinc network")
-parser.add_option("-H", "--hostname", dest="hostname", default="default", help="your nodename, if not given, it will try too read it from tinc.conf")
-parser.add_option("-t", "--timeout", dest="timeout", default=65536, help="timeout after retiolum gets restartet, default is 65536")
-parser.add_option("-d", "--debug", dest="debug", default="0", help="debug level: 0,1,2,3 if empty debug level=0")
-parser.add_option("-g", "--ghost", action="store_true", dest="ghost", default=False, help="deactivates active sending, keeps you anonymous in the public network")
-parser.add_option("-T", "--Tinc", action="store_true", dest="tinc", default=False, help="starts tinc with this script")
-(option, args) = parser.parse_args()
-
-if option.netname == None:
- parser.error("Netname is required, use -h for help!")
-if option.hostname == "default":
- option.hostname = getHostname(option.netname)
-
-hostname = option.hostname
-netname = option.netname
-hostslist = []
-hostslock = thread.allocate_lock()
-
-#set process name
-if not os.path.exists("/var/lock/retiolum." + netname):
- pidfile = open("/var/lock/retiolum." + netname, "w")
- pidfile.write(str(os.getpid()))
- pidfile.close()
-else:
- logging.error("pidfile already exists")
- sys.exit(0)
-
-#Logging stuff
-LEVELS = {'3' : logging.DEBUG,
- '2' : logging.INFO,
- '1' : logging.ERROR,
- '0' : logging.CRITICAL}
-
-level_name = option.debug
-level = LEVELS.get(level_name, logging.NOTSET)
-logging.basicConfig(level=level)
-
-#normally tinc doesnt start with retiolum
-if option.tinc != False:
- start_tincd = subprocess.call(["tincd -n " + netname ],shell=True)
-
-process_start()
-
-signal.signal(signal.SIGTERM, kill_process)
-signal.signal(signal.SIGINT, kill_process)
-signal.signal(signal.SIGUSR1, process_restart)
-
-while True:
- time.sleep(float(option.timeout))
- process_restart(0, 0)
diff --git a/retiolum/scripts/tinc_setup/bootstrap.sh b/retiolum/scripts/tinc_setup/bootstrap.sh
deleted file mode 100644
index 32919e7d..00000000
--- a/retiolum/scripts/tinc_setup/bootstrap.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-if [ ! `id -u` -eq "0" ]
-then
- echo "not root, trying sudo"
- exec sudo "$0" "$@"
-fi
-
-mkdir -p /etc/tinc/retiolum/
-git clone git://github.com/miefda/retiolum.git /etc/tinc/retiolum/hosts
-cd /etc/tinc/retiolum/hosts/.scripts
-
-echo "use the build script of your choice from /etc/tinc/retiolum/hosts/.scripts"
diff --git a/retiolum/scripts/tinc_setup/install.sh b/retiolum/scripts/tinc_setup/install.sh
index a6b50b8a..a72d2b8b 100755
--- a/retiolum/scripts/tinc_setup/install.sh
+++ b/retiolum/scripts/tinc_setup/install.sh
@@ -45,7 +45,7 @@ then
then
printf 'select v4 subnet ip (1-255): '
read v4num
- until $MYBIN/check-free-retiolum-v4 $v4num; do
+ until $MYBIN/check-free-retiolum-v4 10.243.0.$v4num; do
echo "your're an idiot!"
printf 'select unused v4 subnet ip (1-255): '
read v4num
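Review bot: `until $MYBIN/check-free-retiolum-v4 10.243.0.$v4num` now builds the address from `v4num` before anything checks that the input is a number in the prompted 1–255 range; whether `check-free-retiolum-v4` rejects an empty or non-numeric argument is not visible here. Validating in the loop condition keeps malformed input from being passed on: `until printf '%s\n' "$v4num" | grep -qx '[0-9]\{1,3\}' && $MYBIN/check-free-retiolum-v4 10.243.0.$v4num; do`. The enclosing `if`/`then` begins before the hunk.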
@@ -63,8 +63,8 @@ fi
cat>tinc.conf<<EOF
Name = $myname
ConnectTo = euer
-ConnectTo = oxb