From 87255770355830c710d3f3860c30bc9e483e2af4 Mon Sep 17 00:00:00 2001
From: Lassulus
Date: Wed, 11 May 2011 20:28:17 +0200
Subject: added krebs pubkey
---
retiolum/hosts/.pubkeys/krebs | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 retiolum/hosts/.pubkeys/krebs
diff --git a/retiolum/hosts/.pubkeys/krebs b/retiolum/hosts/.pubkeys/krebs
new file mode 100644
index 00000000..8a58ee7e
--- /dev/null
+++ b/retiolum/hosts/.pubkeys/krebs
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6vUmUL8w8r2gUTpUF8Q
+Wx0U3nzDPao2I7l0WU1NnGcR8DVug7YN595guvDkRGcM4eYGizgVYVvDCmjTQRXR
+n57ucVud2bGE1NGtdomVs6wggpgzLiafm9BJwsigoCyMv+8ewGfc+D10TupulcIi
+ZSp/RAewYlX0rhmgdsEGnCt+TWvXRsIakY1pvt4YeKjs2ctib3OmaPuNokK4ophx
+SpdZ5arjHCaiVMj2O6pPAQbU7WFY63FwUP64cAmtqBM+uMteT7bdG1jT3KZS6W7D
+y8rIBd+pp+vB656A5PhrDcGEUMFSXqPDBwIxhV7OAejSn4XjrZyd5eNtMOQKopIM
+QwIDAQAB
+-----END PUBLIC KEY-----
-- cgit v1.2.3
From 86c168daa801b30829f62b6b7f633363fad10345 Mon Sep 17 00:00:00 2001
From: Lassulus
Date: Wed, 11 May 2011 22:36:01 +0200
Subject: more debug
---
retiolum/hosts/.scripts/retiolum.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/retiolum/hosts/.scripts/retiolum.py b/retiolum/hosts/.scripts/retiolum.py
index 51e7a215..05123692 100755
--- a/retiolum/hosts/.scripts/retiolum.py
+++ b/retiolum/hosts/.scripts/retiolum.py
@@ -140,14 +140,17 @@ def recvthread(netname, hostname, timeoutfifo, authfifo): #recieves input from m if dataval[3] != hostname: timeoutfifo.put(["tst", dataval[3], ip]) logging.info("recv: got Stage1: writing data to timeout") + logging.debug("recv: ;tst;" + dataval[3] + ";" + ip) if dataval[1] == "Stage2": if dataval[3] == hostname: authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) logging.info("recv: got Stage2: writing data to auth") + logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) if dataval[1] == "Stage3": if dataval[3] != hostname: authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) logging.info("recv: got Stage3: writing data to auth") + logging.debug("recv: ;" + gdataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) except: logging.error("recv: socket init failed") time.sleep(10) @@ -204,6 +207,7 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut sendtext = "#Stage2#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#" sendfifo.put(sendtext) logging.info("auth: got Stage1 sending now Stage2") + logging.debug("auth: " + sendtext) if curauth[0] == "Stage2": dec_message = priv_decrypt(netname, curauth[3]) @@ -216,6 +220,7 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut sendtext = "#Stage3#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#" sendfifo.put(sendtext) logging.info("auth: got Stage2 sending now Stage3") + logging.debug("auth: " + sendtext) if curauth[0] == "Stage3": line = findhostinlist(authlist, curauth[1], curauth[2]) -- cgit v1.2.3 From d792415a020c92cd0069fba7f3b09b4eec6e2d2b Mon Sep 17 00:00:00 2001 From: Lassulus Date: Thu, 12 May 2011 14:57:52 +0200 Subject: fixed debug error --- retiolum/hosts/.scripts/retiolum.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/retiolum/hosts/.scripts/retiolum.py b/retiolum/hosts/.scripts/retiolum.py index 05123692..f03e0875 100755 
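Review bot: The debug line added in the Stage3 branch reads `gdataval[1]`, a name that does not exist, so every Stage3 packet now raises NameError; because the bare `except:` two lines below reports any exception as `recv: socket init failed` and sleeps 10 s, the typo surfaces as a bogus socket error and a stalled receiver instead of a traceback. Besides correcting the name to `dataval[1]`, narrow the handler to `except Exception:` and log it with `logging.exception("recv: failed")` so the real cause is recorded. All three new debug lines also concatenate peer-supplied fields (`dataval[3]`, `dataval[4]`, `ip`) into the log line unescaped, so a packet containing newlines can forge log entries; wrap them in `repr()` before logging. recvthread's body begins and ends outside the hunk.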
--- a/retiolum/hosts/.scripts/retiolum.py +++ b/retiolum/hosts/.scripts/retiolum.py @@ -3,8 +3,11 @@ import sys, os, time, socket, subprocess, thread, random, Queue, binascii, loggi from optparse import OptionParser def pub_encrypt(netname, hostname_t, text): #encrypt data with public key - enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64") - return(enc_text.read()) + try: + enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64") + return(enc_text.read()) + except: + return(-1) def priv_decrypt(netname, enc_data): #decrypt data with private key dec_text = subprocess.os.popen("echo '" + enc_data + "' | base64 -d | openssl rsautl -inkey /etc/tinc/" + netname + "/rsa_key.priv -decrypt") @@ -150,7 +153,7 @@ def recvthread(netname, hostname, timeoutfifo, authfifo): #recieves input from m if dataval[3] != hostname: authfifo.put([dataval[1], dataval[3], ip, dataval[4]]) logging.info("recv: got Stage3: writing data to auth") - logging.debug("recv: ;" + gdataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) + logging.debug("recv: ;" + dataval[1] + ";" + dataval[3] + ";" + ip + ";" + dataval[4]) except: logging.error("recv: socket init failed") time.sleep(10) @@ -169,7 +172,7 @@ def timeoutthread(netname, timeoutfifo, authfifo): #checks if the hostname is al line = findhostinlist(hostslist, curhost[1], curhost[2]) if line != -1: hostslist[line][2] = time.time() - logging.debug("timeout: refreshing timestamp") + logging.debug("timeout: refreshing timestamp of " + hostslist[line][0]) else: authfifo.put(["Stage1", curhost[1], curhost[2]]) logging.info("timeout: writing to auth") -- cgit v1.2.3 From b4bda4807b2dd3a49ee4ee64dd3fed7bc9107d01 Mon Sep 17 00:00:00 2001 
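Review bot: The try/except wrapped around `subprocess.os.popen(...)` in the first hunk never returns -1 for the failure it targets: os.popen does not raise when openssl fails (missing or unreadable key file), it returns a pipe whose `read()` yields `""`, so the `encrypted_message == -1` checks in the callers never fire and an empty ciphertext goes on the wire, while the bare `except:` hides whatever does go wrong. The command string also interpolates `hostname_t` and `text`, both taken from peer packets, into a shell pipeline; run openssl as an argv list through `subprocess.Popen`, feed `text` on stdin, check `returncode`, and base64-encode with the already-imported `binascii`. Because `hostname_t` is also used as a path component under `.pubkeys/`, reject values containing a slash or starting with a dot before building the key path. The rewritten function is below; the other two hunks of this commit are fine as they stand.
```python
def pub_encrypt(netname, hostname_t, text): #encrypt data with public key
    # hostname_t arrives from a peer packet and becomes a path component:
    # refuse anything that could leave the .pubkeys directory
    if "/" in hostname_t or hostname_t.startswith("."):
        logging.error("encrypt: refusing key name " + repr(hostname_t))
        return(-1)
    keypath = "/etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t
    try:
        # argv list, no shell; plaintext on stdin with the trailing newline echo used to add
        proc = subprocess.Popen(["openssl", "rsautl", "-pubin", "-inkey", keypath, "-encrypt"],
                                stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        enc_data, err = proc.communicate(text + "\n")
    except OSError:
        logging.error("encrypt: could not run openssl")
        return(-1)
    if proc.returncode != 0:
        logging.error("encrypt: openssl failed: " + err.strip())
        return(-1)
    return(binascii.b2a_base64(enc_data))
```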
From: Lassulus Date: Thu, 12 May 2011 15:19:03 +0200 Subject: fixed auththread crash --- retiolum/hosts/.scripts/retiolum.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/retiolum/hosts/.scripts/retiolum.py b/retiolum/hosts/.scripts/retiolum.py index f03e0875..044fe5c8 100755 --- a/retiolum/hosts/.scripts/retiolum.py +++ b/retiolum/hosts/.scripts/retiolum.py @@ -231,12 +231,13 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut dec_message = priv_decrypt(netname, curauth[3]) splitmes = dec_message.split("#") logging.info("auth: checking challenge") - if splitmes[0] == "" and splitmes[1] == str(authlist[line][2]): - timeoutfifo.put(["add", curauth[1], curauth[2]]) - del authlist[line] - logging.info("auth: Stage3 checked, sending now to timeout") - else: - logging.error("auth: challenge failed") + if splitmes[0] == "": + if splitmes[1] == str(authlist[line][2]): + timeoutfifo.put(["add", curauth[1], curauth[2]]) + del authlist[line] + logging.info("auth: Stage3 checked, sending now to timeout") + else: logging.error("auth: challenge checking failed") + else: logging.error("auth: decryption failed") else: i = 0 -- cgit v1.2.3 From 597421b2889d5628d0e491d7ad5d8207c8bf745d Mon Sep 17 00:00:00 2001 From: Lassulus Date: Thu, 12 May 2011 15:31:28 +0200 Subject: moar debug --- retiolum/hosts/.scripts/retiolum.py | 100 +++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 48 deletions(-) diff --git a/retiolum/hosts/.scripts/retiolum.py b/retiolum/hosts/.scripts/retiolum.py index 044fe5c8..6f1064e2 100755 --- a/retiolum/hosts/.scripts/retiolum.py +++ b/retiolum/hosts/.scripts/retiolum.py 
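Review bot: The new nesting still crashes on the case its new `else` branch names: when decryption fails, priv_decrypt (if it returns the pipe's output the way pub_encrypt does) yields `""`, `"".split("#")` is `[""]`, so `splitmes[0] == ""` holds and `splitmes[1]` raises IndexError before `auth: decryption failed` can ever be logged. Guard the length first, `if len(splitmes) > 1 and splitmes[0] == "":`, and the outer `else` becomes reachable for the empty-output case as well. auththread's body starts and ends outside the hunk.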
@@ -3,6 +3,7 @@ import sys, os, time, socket, subprocess, thread, random, Queue, binascii, loggi from optparse import OptionParser def pub_encrypt(netname, hostname_t, text): #encrypt data with public key + logging.debug("encrypt: " + text) try: enc_text = subprocess.os.popen("echo '" + text + "' | openssl rsautl -pubin -inkey /etc/tinc/" + netname + "/hosts/.pubkeys/" + hostname_t + " -encrypt | base64") return(enc_text.read()) 
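Review bot: The new `logging.debug("encrypt: " + text)` writes the plaintext challenge (`#hostname#challengenum#`) to the log before it is encrypted; that number is the only secret the Stage2/Stage3 handshake rests on, so any host running at DEBUG level, or shipping its logs elsewhere, exposes it. Log the recipient instead, `logging.debug("encrypt: for " + hostname_t)`, or drop the line once the debugging session is over. pub_encrypt's body continues outside the hunk.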
@@ -193,61 +194,64 @@ def auththread(netname, hostname, authfifo, sendfifo, timeoutfifo): #manages aut while True: - if not authfifo.empty(): - logging.debug("auth: authfifo is not empty") - curauth = authfifo.get() - if curauth[0] == "Stage1": - line = findhostinlist(authlist, curauth[1], curauth[2]) - if line == -1: - challengenum = random.randint(0,65536) - encrypted_message = pub_encrypt(netname, curauth[1], "#" + hostname + "#" + str(challengenum) + "#") - authlist.append([curauth[1], curauth[2], challengenum, time.time()]) - else: - encrypted_message = pub_encrypt(netname, authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#") - if encrypted_message == -1: - logging.info("auth: RSA Encryption Error") - else: - sendtext = "#Stage2#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#" - sendfifo.put(sendtext) - logging.info("auth: got Stage1 sending now Stage2") - logging.debug("auth: " + sendtext) - - if curauth[0] == "Stage2": - dec_message = priv_decrypt(netname, curauth[3]) - splitmes = dec_message.split("#") - if splitmes[0] == "": - encrypted_message = pub_encrypt(netname, splitmes[1], "#" + splitmes[2] + "#") + try: + if not authfifo.empty(): + logging.debug("auth: authfifo is not empty") + curauth = authfifo.get() + if curauth[0] == "Stage1": + line = findhostinlist(authlist, curauth[1], curauth[2]) + if line == -1: + challengenum = random.randint(0,65536) + encrypted_message = pub_encrypt(netname, curauth[1], "#" + hostname + "#" + str(challengenum) + "#") + authlist.append([curauth[1], curauth[2], challengenum, time.time()]) + else: + encrypted_message = pub_encrypt(netname, authlist[line][0], "#" + hostname + "#" + str(authlist[line][2]) + "#") if encrypted_message == -1: - logging.error("auth: RSA Encryption Error") + logging.info("auth: RSA Encryption Error") else: - sendtext = "#Stage3#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#" + sendtext = "#Stage2#" + netname + "#" + curauth[1] + "#" + 
encrypted_message + "#" sendfifo.put(sendtext) - logging.info("auth: got Stage2 sending now Stage3") + logging.info("auth: got Stage1 sending now Stage2") logging.debug("auth: " + sendtext) - - if curauth[0] == "Stage3": - line = findhostinlist(authlist, curauth[1], curauth[2]) - if line != -1: + + if curauth[0] == "Stage2": dec_message = priv_decrypt(netname, curauth[3]) splitmes = dec_message.split("#") - logging.info("auth: checking challenge") if splitmes[0] == "": - if splitmes[1] == str(authlist[line][2]): - timeoutfifo.put(["add", curauth[1], curauth[2]]) - del authlist[line] - logging.info("auth: Stage3 checked, sending now to timeout") - else: logging.error("auth: challenge checking failed") - else: logging.error("auth: decryption failed") - - else: - i = 0 - while i < len(authlist): - if time.time() - authlist[i][3] > 120: - del authlist[i] - logging.info("auth: deleting timeoutet auth") - else: - i += 1 - time.sleep(1) + encrypted_message = pub_encrypt(netname, splitmes[1], "#" + splitmes[2] + "#") + if encrypted_message == -1: + logging.error("auth: RSA Encryption Error") + else: + sendtext = "#Stage3#" + netname + "#" + curauth[1] + "#" + encrypted_message + "#" + sendfifo.put(sendtext) + logging.info("auth: got Stage2 sending now Stage3") + logging.debug("auth: " + sendtext) + + if curauth[0] == "Stage3": + line = findhostinlist(authlist, curauth[1], curauth[2]) + if line != -1: + dec_message = priv_decrypt(netname, curauth[3]) + splitmes = dec_message.split("#") + logging.info("auth: checking challenge") + if splitmes[0] == "": + if splitmes[1] == str(authlist[line][2]): + timeoutfifo.put(["add", curauth[1], curauth[2]]) + del authlist[line] + logging.info("auth: Stage3 checked, sending now to timeout") + else: logging.error("auth: challenge checking failed") + else: logging.error("auth: decryption failed") + + else: + i = 0 + while i < len(authlist): + if time.time() - authlist[i][3] > 120: + del authlist[i] + logging.info("auth: deleting timeoutet 
auth") + else: + i += 1 + time.sleep(1) + except: + logging.error("auth: thread crashed") #Program starts here! -- cgit v1.2.3
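Review bot: The bare `except:` added at the bottom of the loop logs only `auth: thread crashed` and discards the traceback, so the exception it is meant to survive stays invisible; it also swallows SystemExit and KeyboardInterrupt, which keeps the thread alive through an interpreter shutdown. Use `except Exception:` with `logging.exception("auth: thread crashed")` so the cause is recorded. Separately, the Stage1 challenge on the new side is drawn from `random.randint(0,65536)`, which is not a cryptographic generator; `random.SystemRandom().randint(0,65536)` is a drop-in replacement. Everything of auththread before the `while True:` is outside the hunk.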