author Timotej Lazar <timotej.lazar@fri.uni-lj.si> 2019-02-24 21:05:27 +0100
committer Timotej Lazar <timotej.lazar@fri.uni-lj.si> 2019-02-24 21:05:27 +0100
commit 8081a5520a441b43a8a7a73f3a90c7aacfaa8e10
tree c7f49bd33ed19d53afc0ee9df8b2c82c200c5910 /kpov_judge/tasks/openvpn_simple_smb
parent 9963b74f777edf985540eac71b1ca095f88b8bca
Move everything one level up
Diffstat (limited to 'kpov_judge/tasks/openvpn_simple_smb')
-rw-r--r-- kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html | 98
-rw-r--r-- kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html | 95
-rw-r--r-- kpov_judge/tasks/openvpn_simple_smb/task.py | 261
3 files changed, 0 insertions, 454 deletions
diff --git a/kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html b/kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html
deleted file mode 100644
index aba834e..0000000
--- a/kpov_judge/tasks/openvpn_simple_smb/howtos/en/index.html
+++ /dev/null
@@ -1,98 +0,0 @@
-<html>
-
-<head>
-<meta http-equiv=Content-Type content="text/html; charset=utf-8">
-</head>
-
-<body><font face="Georgia, Times New Roman, Times, serif">
-<strong><h1>OpenVPN and SMB task:</h1></strong>
-<p><strong><h2>Quick task:</h2></strong><br>
- Connect to VPN with OpenVPN. Enable access to files through NFS and copy them through SMB.</p>
-<p><strong><h2>Instructions:</h2></strong><br>
- 1. From Directory with images of virtual computers drag twice the picture SimpleArbiterVPN and VPNClient.<br>
- 2. With VirtualBox (or other programs for virtual computers) create two virtual computers and give them VPNCLient.vdi and SimpleArbiterVPN.vdi as disk for storage.<br>
- 3. On both set two network interface(NAT and Internal) and run them.<br>
- 4. On both VM login with username <strong>root</strong> and password <strong>kaboom</strong> .</p>
-<p><h3><u><strong><em>First part: Set up OpenVPN on SimpleArbiterVPN and VPNClient.</em></strong></u></h3>
-<p><h4><u><strong><em>Settings on the server:</em></strong></u></h4>
- 1. Download packages <strong>uml-utilities</strong> -> to adjust the virtual network interfaces and packet (<strong>openvpn</strong>). example: sudo apt-get install openvpn<br>
- 2. The new virtual network interface create with <strong>tunctl</strong> and specify IP with <strong>sudo ifconfig tap0 10.P.Q.R netmask 255.255.255.0</strong><br>
- 3. Then generirate common key (you will share that key with client) with the command: <strong>openvpn --genkey --secret vpnkljuc.key</strong><br>
- 4. On server set the configuration file tap0.conf, which should contain (split by lines) "dev tap0","proto tcp-server", "secret vpnkljuc.key"<br>
- 5. Run openvpn with <strong>openvpn --config /some_directory/somewhere/tap0.conf</strong><br/>
-<p><h4><u><strong><em>Settings on the client:</em></strong></u></h4>
-1., 2. steps are the same as the settings on the server<br>
-3. Create configuration file tap0.conf, which should contain (split by lines) "remote IP_OF_YOUR_VPN_SERVR", "dev tap0", "proto tcp-client", "secret vpnkljuc.key"<br>
-4. On OpenVPN server connect to <strong>openvpn --config /some_directory/somewhere/tap0.conf</strong><br/>
-<p>
-
- <u><strong><em><h3>Second part: Access to imenika /home/test/IME_IMENIKA over NFS</h3></em></strong></u>
-<p><h4><u><strong><em>Client settings:</em></strong></u></h4>
- 1. Using "sudo apt-get install nfs-kernel-server" we install nfs service<br>
- 2. Create a directory /home/test/IME_IMENIKA<br/>
- 3. To /etc/exports add line /home/test/bla IP_client
- 4. Use sudo exportfs -a to save
- 5. Restart service using "sudo service nfs-kernel-server start"
-<p><h4><u><strong><em>Client settings:</em></strong></u></h4>
- 1. Instal client for nfs with command "sudo apt-get install nfs-common"<br/>
- 2. Create mounting directory "sudo mkdir -p /mnt/nfs/home/test" and mount servers file "sudo mount IP_SERVER:/home/test"<br/>
- 3. For automatic mounting we add previous commands to /etc/fstab <br/>
-
-<p><h3><u><strong><em>How-to za uporabo kpov-judge za OpenVPN</em></strong></u></h3>
-
- </font>
-
-<hr>
-<p>
-howto: task_check(results, params):
- Metoda dobi, kot prvi argument rezultat metode task(...), kot drugi pa
- rezultat funkcije gen_params().
-
- Vrne stevilo pridobljenih tock.
-
-
-howto: task(...):
- Metoda prejme naslednje argumente:
- - IP naslov VPN streznika
- - DNS naslov VPN streznika
- - IP naslov klienta 1
- - DNS naslov klienta 1
- - IP naslov klienta 2
- - DNS naslov klienta 2
-
- Vrne slovar rezultatov:
-
- results['SimpleArbiter_is_VPN_set_up']
- pove ali je VPN streznik nastavljen
-
- results['SimpleArbiter_is_VPN_running']
- pove ali je VPN streznik zagnan
-
- results['SimpleArbiter_ping_C1']
- ping rezultati (streznik -> klient1)
-
- results['SimpleArbiter_ping_C2']
- ping rezultati (streznik -> klient2)
-
- results['SimpleArbiter_nmap_results']
- pove ali sta oba klienta povezana na pravi VPN streznik
-
- results['SimpleArbiter_dir_vpn_contents']
- kljuc, ce se ta nahaja v ustreznem imeniku
-
- results['SimpleArbiter_nfs_access_control_list']
- preveri ce NFS dovoljuje dostop do /home/test/IME_UPORABNIKA
-
- results['VPNClient1_ping_VPN_server']
- ping rezultati (klient 1 -> strežnik)
-
- results['VPNClient2_ping_VPN_server']
- ping rezultati (klient 2 -> strežnik)
-
-</p>
-
-</body>
-
-</html>
-
-</html>
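Review bot: In the second part of this how-to, both NFS subsections are headed "Client settings"; the first one (installing nfs-kernel-server, editing /etc/exports, running exportfs -a) describes the exporting side and needs its own heading, as the si copy has with "Nastavitve na strežniku". If the file is recreated at the new path, also translate the text that is still Slovenian in the English page (the "How-to za uporabo kpov-judge za OpenVPN" heading and the task()/task_check() notes) and drop the second closing </html>. The page prints the root password "kaboom" and sets up a tcp-server keyed only by the shared static key vpnkljuc.key, which gives no forward secrecy; a sentence saying these values are for the lab images only would help readers who copy the steps elsewhere.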
diff --git a/kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html b/kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html
deleted file mode 100644
index 67e1c4e..0000000
--- a/kpov_judge/tasks/openvpn_simple_smb/howtos/si/index.html
+++ /dev/null
@@ -1,95 +0,0 @@
-<html>
-
-<head>
-<meta http-equiv=Content-Type content="text/html; charset=utf-8">
-</head>
-
-<body><font face="Georgia, Times New Roman, Times, serif">
-<strong><h1>OpenVPN in SMB vaja: </h1></strong>
-<p><strong><h2>Naloga na hitro: </h2></strong><br>
- Vzpostavi VPN povezavo z pomočjo OpenVPN. Omogoči dostop do datotek prek NFS in skopiraj datoteke prek SMB.</p>
-<p><strong><h2>Navodila:</h2></strong><br>
- 1. Iz imenika s slikami virtualnih računalnikov dvakrat povlecite sliki SimpleArbiterVPN ter VPNClient.<br>
- 2. Z VirtualBoxom (ali ostalim programom za virtualne računalnike) ustvarite dva virtualna računalnika in jim kot disk za shranjevanje podajte VPNCLient.vdi ter SimpleArbiterVPN.vdi.<br>
- 3. Na obeh nastavite dva omrežna vmesnika (NAT in Internal) in jih zaženite.<br>
- 4. Na oba VM-a se prijavite z uporabnikom <strong>root</strong> in geslom <strong>kaboom</strong> .</p>
-<p><h3><u><strong><em>Prvi del naloge: Nastavi OpenVPN na SimpleArbiterVPN in VPNClient.</em></strong></u></h3>
-<p><h4><u><strong><em>Nastavitve na strežniku:</em></strong></u></h4>
- 1. Prenesite pakete <strong>uml-utilities</strong> -> za nastavljanje navideznih omrežnih vmesnikov in paket (<strong>openvpn</strong>). Npr: sudo apt-get install openvpn<br>
- 2. Nov navidezni omrežni vmesnik kreirate z <strong>tunctl</strong> in mu podate IP z <strong>sudo ifconfig tap0 10.P.Q.R netmask 255.255.255.0</strong><br>
- 3. Nato generirate skupen ključ(ta ključ boste delili z klientom) z ukazom: <strong>openvpn --genkey --secret vpnkljuc.key</strong><br>
- 4. Na strežniku še nastavite konfiguracijsko datoteko tap0.conf, ki naj vsebuje (ločeno po vrsticah) "dev tap0","proto tcp-server", "secret vpnkljuc.key"<br>
- 5. Zaženete openvpn z <strong>openvpn --config /some_directory/somewhere/tap0.conf</strong><br/>
-<p><h4><u><strong><em>Nastavitve na klientu:</em></strong></u></h4>
-1., 2. koraka sta ista kot pri nastavitvah na strežniku<br>
-3. Kreirajte konfiguracijsko datoteko tap0.conf, ki naj vsebuje (ločeno po vrsticah) "remote IP_VAŠEGA_VPN_SERVERJA", "dev tap0", "proto tcp-client", "secret vpnkljuc.key"<br>
-4. Na OpenVPN strežnik se povežete z <strong>openvpn --config /some_directory/somewhere/tap0.conf</strong><br/>
-<p>
- <u><strong><em><h3>Drugi del naloge: Dostop prek NFS do imenika /home/test/IME_IMENIKA </h3></em></strong></u>
-<p><h4><u><strong><em>Nastavitve na strežniku:</em></strong></u></h4>
- 1. Z ukazom "sudo apt-get install nfs-kernel-server" namestimo nfs program<br>
- 2. Uredimo mapo exports "sudo nano /etc/exports" in kreiramo direktorij /home/test/IME_IMENIKA<br/>
- 3. V datoteko exports dodamo /home/test/bla IP_klienta
- 4. Share shranimo z sudo exportfs -a
- 5. NFS strežnik štartamo z "sudo service nfs-kernel-server start"
-<p><h4><u><strong><em>Nastavitve na klientu:</em></strong></u></h4>
- 1. Z ukazom "sudo apt-get install nfs-common" namestimo programček nfs-common, da lahko kasneje pripnemo share<br/>
- 2. Na klientu moramo urediti še mount tega direktorija: "sudo mkdir -p /mnt/nfs/home/test" in "sudo mount IP_SERVERJA:/home/test"<br/>
- 3. Za avtomatski mount ob ponovnem zagonu, dodamo prejšnje ukaze v datoteko /etc/fstab <br/>
-
-<p><h3><u><strong><em>How-to za uporabo kpov-judge za OpenVPN</em></strong></u></h3>
-
- </font>
-
-<hr>
-<p>
-howto: task_check(results, params):
- Metoda dobi, kot prvi argument rezultat metode task(...), kot drugi pa
- rezultat funkcije gen_params().
-
- Vrne stevilo pridobljenih tock.
-
-
-howto: task(...):
- Metoda prejme naslednje argumente:
- - IP naslov VPN streznika
- - DNS naslov VPN streznika
- - IP naslov klienta 1
- - DNS naslov klienta 1
- - IP naslov klienta 2
- - DNS naslov klienta 2
-
- Vrne slovar rezultatov:
-
- results['SimpleArbiter_is_VPN_set_up']
- pove ali je VPN streznik nastavljen
-
- results['SimpleArbiter_is_VPN_running']
- pove ali je VPN streznik zagnan
-
- results['SimpleArbiter_ping_C1']
- ping rezultati (streznik -> klient1)
-
- results['SimpleArbiter_ping_C2']
- ping rezultati (streznik -> klient2)
-
- results['SimpleArbiter_nmap_results']
- pove ali sta oba klienta povezana na pravi VPN streznik
-
- results['SimpleArbiter_dir_vpn_contents']
- kljuc, ce se ta nahaja v ustreznem imeniku
-
- results['SimpleArbiter_nfs_access_control_list']
- preveri ce NFS dovoljuje dostop do /home/test/IME_UPORABNIKA
-
- results['VPNClient1_ping_VPN_server']
- ping rezultati (klient 1 -> strežnik)
-
- results['VPNClient2_ping_VPN_server']
- ping rezultati (klient 2 -> strežnik)
-
-</p>
-
-</body>
-
-</html>
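Review bot: The task()/task_check() reference at the end of this page does not match task.py in the same commit: it lists six arguments (server plus two clients) and result keys such as SimpleArbiter_is_VPN_set_up, SimpleArbiter_ping_C2 and SimpleArbiter_nmap_results, while task() takes IP_SimpleArbiterVPN, IP_VPNClient1, IP_LANClient1 and DIRNAME and returns none of those three keys. Update or drop that section at the new location. In the NFS steps, the exports entry uses /home/test/bla although the directory created is /home/test/IME_IMENIKA, and "sudo mount IP_SERVERJA:/home/test" omits the mount point /mnt/nfs/home/test created just before it.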
diff --git a/kpov_judge/tasks/openvpn_simple_smb/task.py b/kpov_judge/tasks/openvpn_simple_smb/task.py
deleted file mode 100644
index 5d7c22f..0000000
--- a/kpov_judge/tasks/openvpn_simple_smb/task.py
+++ /dev/null
@@ -1,261 +0,0 @@
-# kpov_util should be imported by add_assignment.py
-
-instructions = {
- 'si': '''\
-<p>
-Postavi dva navidezna računalnika: <em>SimpleArbiter</em> in <em>VPNClient1</em>. Poskrbite, da bosta povezana med seboj in v internet. Na <em>VPNClient1</em> namestite OpenVPN in program za nadzor nad virtualnimi napravami (s katerim kreirate napravo <code>tap</code>).
-
-<p>
-Na strežniku <em>SimpleArbiter</em> že teče strežnik in uporablja skrivnost, ki jo najdete tudi na <em>VPNClient1</em> v domačem imeniku uporabnika <code>student</code>. Na <em>VPNClient1</em> vzpostavite VPN tako, da napišete primerno datoteko z nastavitvami. Računalniku <em>VPNClient1</em> na navideznem lokalnem omrežju nastavite naslov
-<code>{{IP_VPNClient1}}</code>.
-
-<p>
-Nato poskrbite, da bo na <em>VPNClient1</em> na navideznem omrežju prek NFS omogočen
-dostop do imenika <code>/home/test/{{DIRNAME}}</code>. V ta imenik skopirajte datoteke, ki so prek SMB dostopne na <em>SimpleArbiter</em>.
-''',
- 'en': '''\
-<p>
-Setup two virtual machines: <em>SimpleArbiter</em> and <em>VPNClient1</em>. Set the client's network up so that it has access to the internal network and the internet. On <em>VPNClient1</em>, install OpenVPN and a program for supervising virtual devices
-(which you will use to create a <code>tap</code> device). On the VPN, set the IP for
-<em>VPNClient1</em> to <code>{{IP_VPNClient1}}</code>.
-
-<p>
-An OpenVPN server is already running on <em>SimpleArbiter</em>. Use the secret
-available on <em>VPNClient1</em> in the home directory of user <code>student</code> to connect to the VPN server on <em>SimpleArbiter</em>. To do that, you will have to write your
-own OpenVPN configuration file.
-
-<p>
-After you have set up the VPN, make the directory <code>/home/test/{{DIRNAME}}</code> on <em>VPNClient1</em> available over NFS from <em>SimpleArbiter</em> over
-your VPN. Copy files that are available from <em>SimpleArbiter</em> over SMB to <code>/home/test/{{DIRNAME}}</code>.
-'''
-}
-
-computers = {
- 'SimpleArbiter': {
- 'disks': [
- {
- 'name': 'simpleArbiterDhcpGWVPN',
- },
- ],
- 'network_interfaces': [
- {
- 'network': 'test-net'
- },
- {
- 'network': 'net1'
- }
- ],
- 'flavor': 'm1.tiny',
- 'config_drive': False
- },
- 'VPNClient1': {
- 'disks': [
- { 'name': 'student-VPNClient1',
- },
- ],
- 'network_interfaces': [
- {
- 'network': 'net1'
- }
- ],
- 'flavor': 'm1.tiny',
- 'config_drive': False
- },
-}
-
-networks = {
- 'test-net': {
- 'public': True
- },
- # Used for the VPN tunnel
- 'net1': {
- 'public': False
- }
-}
-
-#Tukaj sem generiral tri parametre, prosil bi če se upoštevajo pri Tasku.
-params_meta = {
- 'IP_SimpleArbiterVPN': {'descriptions':{'si':'IP za SimpleArbiter na VPN'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True},
- 'IP_VPNClient1': {'descriptions':{'si':'IP klienta na VPN'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True},
- 'IP_LANClient1': {'descriptions':{'si':'IP klienta na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
- 'DIRNAME': {'descriptions':{'si':'Imenik, dostopen prek NFS'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True},
- 'secret_random_seed': {'descriptions':{'si':'Seme za skrivnost'}, 'w': False, 'public': False, 'type': None, 'generated': True},
-}
-
-def task(IP_SimpleArbiterVPN, IP_VPNClient1, IP_LANClient1, DIRNAME):
- import collections
- from pexpect import pxssh # Used to set up an SSH connection to a remote machine
- import pexpect # Allows the script to spawn a child application and control it as if a human were typing commands
-
- # The necessary things we need to check if the task was performed correctly
- results = collections.defaultdict(str)
-
- # VPNClient1
- sC1 = pxssh.pxssh(encoding='utf-8')
- sC1.login(IP_LANClient1, 'student', 'vaje')
-
- # sA
- results['SimpleArbiter_ifconfig'] = pexpect.run(
- 'ifconfig -a', encoding='utf-8', env={'PATH': '/bin:/sbin'})
- results['SimpleArbiter_route'] = pexpect.run(
- 'route -n', encoding='utf-8', env={'PATH': '/bin:/sbin'})
-
- # Pings each of the clients
- # 10.8.0.6 and 10.8.0.10 are the first two default addresses distributed by OpenVPN
- # Will output everything ping outputs (set to ping 3 times)
- results['SimpleArbiter_ping_C1'] = pexpect.run(
- 'ping -c 3 {}'.format(IP_VPNClient1), encoding='utf-8')
- results['SimpleArbiter_traceroute'] = pexpect.run(
- 'traceroute {}'.format(IP_VPNClient1), encoding='utf-8')
- sC1.sendline('cat /etc/exports')
- sC1.prompt()
- output = sC1.before
- results['VPNClient1_nfs_access_control_list'] = output
- results['SimpleArbiter_mount'] = pexpect.run(
- 'sudo mount {}:/home/test/{} /mnt'.format(IP_VPNClient1, DIRNAME), encoding='utf-8')
- results['SimpleArbiter_mount_result'] = pexpect.run(
- 'sudo mount', encoding='utf-8')
- results['SimpleArbiter_ls'] = pexpect.run(
- 'ls /mnt', encoding='utf-8')
- pexpect.run(
- 'sudo umount /mnt', encoding='utf-8')
-
- # Ping the VPN server
- sC1.sendline('ping -c 3 {0}'.format( IP_SimpleArbiterVPN ))
- sC1.prompt()
- results['VPNClient1_ping_VPN_server'] = sC1.before
-
- sC1.sendline('/sbin/ifconfig -a')
- sC1.prompt()
- results['VPNClient1_ifconfig'] = sC1.before
-
- sC1.sendline('ps xa')
- sC1.prompt()
- results['VPNClient1_ps'] = sC1.before
- sC1.logout()
-
- return results
-
-def gen_params(user_id, params_meta):
- params = dict()
- #Tukaj sem generiral te tri parametre (ime skupne skrivnosti je heidi )
- #(ime imenika kjer naj bo shranjena skupna skrivnost naj bo openvpn)
- #(HASH bo naključno generiran niz iz user_id s katerim se bo preverjalo plagiatorstvo)
- import random
- r = random.Random(user_id)
- net = kpov_util.IPv4_subnet_gen(r, '10.168.0.0/16', 24)
- params['IP_VPNClient1'], params['IP_SimpleArbiterVPN'] = kpov_util.IPv4_addr_gen(r, net, 2)
- params['DIRNAME'] = kpov_util.fname_gen(r, extension=False)
- params['secret_random_seed']=str(r.random())
- return params
-
-
-def task_check(results, params):
- import re
- score = 0
- hints = []
-
- IP_SA = params['IP_SimpleArbiterVPN'].replace('.', '\.')
- IP_C1 = params['IP_VPNClient1'].replace('.', '\.')
- rs = r"tap0: flags=.* mtu 1500\r\n +inet {}".format(IP_SA)
- if re.search(rs,
- results['SimpleArbiter_ifconfig']):
- score += 1
- else:
- hints.append("ifconfig on SimpleArbiter not OK")
-
- if re.search(
- "PING.*\r\n64 bytes from {}: icmp_seq=[0-9]+ ttl=64 time=[0-9.]* ms".format(IP_C1),
- results['SimpleArbiter_ping_C1']):
- score += 1
- else:
- hints.append("ping from server not OK")
- rs = "1 +{0} \({0}\)".format(IP_C1)
- if re.search(rs, results['SimpleArbiter_traceroute']):
- score += 1
- else:
- hints.append("traceroute not OK")
- if results['VPNClient1_nfs_access_control_list'].find(
- '/home/test/' + params['DIRNAME'] + ' ') >= 0:
- score += 1
- if results['SimpleArbiter_mount_result'].find(
- '{}:/home/test/{} on /mnt type nfs'.format(
- params['IP_VPNClient1'], params['DIRNAME'])):
- score += 1
- else:
- hints.append("mount not OK")
-
- # get r into the correct state
- r = random.Random(params['secret_random_seed'])
- s = "\n".join(["".join([r.choice("0123456789abcdef") for i in range(32)])
- for i in range(16)])
- keyfile = kpov_util.fname_gen(r, extension=False)
-
- # now check the filenames
- fnames_ok = True
- for i in range(3):
- fname = kpov_util.fname_gen(r, False)
- foo = kpov_util.fortune(r, 4096)
- pos = results['SimpleArbiter_ls'].find(fname + '.txt')
- fnames_ok = fnames_ok and pos >= 0
- if fnames_ok:
- score += 2
- else:
- hints.append("shared filenames not OK:")
-
- # Ping the VPN server
- if re.search(
- "PING.*\r\n64 bytes from {}: icmp_seq=[0-9]+ ttl=64 time=[0-9.]* ms".format(IP_SA),
- results['VPNClient1_ping_VPN_server']):
- score += 1
- else:
- hints.append("ping from client not OK")
-
- rs = r"tap0: flags=.* mtu 1500\r\n +inet {}".format(IP_C1)
- if re.search(rs, results['VPNClient1_ifconfig']):
- score += 1
- else:
- hints.append("ifconfig on VPNClient1 not OK")
-
- if results['VPNClient1_ps'].find('openvpn') > 0:
- score += 1
- else:
- hints.append("openvpn not found running on VPNClient")
- return score, hints
-
-def prepare_disks(templates, task_params, global_params):
- #guestmount -a d -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt
- #asistent je pocasnela :)
- import random
- r = random.Random(task_params['secret_random_seed'])
- s = "\n".join([
- "".join([r.choice("0123456789abcdef") for i in range(32)])
- for i in range(16)])
- s = """#
-# 2048 bit OpenVPN static key
-#
------BEGIN OpenVPN Static key V1-----
-{}
------END OpenVPN Static key V1-----
-""".format(s)
- keyfile = kpov_util.fname_gen(r, extension=False) + ".key"
- templates['simpleArbiterDhcpGWVPN'].write("/etc/openvpn/secret.key", s)
- netaddr_s = """auto tap0
-iface tap0 inet static
- openvpn server
- pre-up tunctl -t tap0
- address {}
- netmask 255.255.255.0
-""".format(task_params['IP_SimpleArbiterVPN'])
- templates['simpleArbiterDhcpGWVPN'].write_append("/etc/network/interfaces", netaddr_s)
- for i in range(3):
- fname = kpov_util.fname_gen(r, False)
- templates['simpleArbiterDhcpGWVPN'].write(
- "/srv/smb/" + fname + '.txt',
- kpov_util.fortune(r, 4096))
- write_default_config(templates['simpleArbiterDhcpGWVPN'], global_params)
- templates['student-VPNClient1'].write("/home/student/" + keyfile, s)
- # uid, gid (student = )
- templates['student-VPNClient1'].chown(1000, 1000, "/home/student/" + keyfile)
-
- write_default_config(templates['simpleArbiterDhcpGWVPN'], global_params)
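Review bot: In task_check(), the mount check uses the return value of str.find() as a boolean: "if results['SimpleArbiter_mount_result'].find(...):" is true when the substring is absent (find returns -1) and false only when it sits at offset 0, so the point is awarded when the NFS mount did not happen; compare with ">= 0" or use "in". The same function calls random.Random(params['secret_random_seed']) but imports only re, while gen_params() and prepare_disks() import random locally, so that line raises NameError unless the loader injects random. Smaller points: the /etc/exports check has no else branch and so gives no hint on failure, DIRNAME is declared with 'type': 'IP' in params_meta, and prepare_disks() calls write_default_config() on simpleArbiterDhcpGWVPN twice. The static key written to /etc/openvpn/secret.key comes from random.Random seeded through user_id, so anyone who knows the user_id can regenerate it; a comment stating that this is intentional for grading would prevent the pattern being reused for real keys.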