diff options
Diffstat (limited to 'kpov_judge/tasks/radius_mysql_pam')
-rw-r--r-- | kpov_judge/tasks/radius_mysql_pam/howtos/en/index.html | 34 | ||||
-rw-r--r-- | kpov_judge/tasks/radius_mysql_pam/howtos/si/index.html | 40 | ||||
-rw-r--r-- | kpov_judge/tasks/radius_mysql_pam/task.py | 212 |
3 files changed, 0 insertions, 286 deletions
diff --git a/kpov_judge/tasks/radius_mysql_pam/howtos/en/index.html b/kpov_judge/tasks/radius_mysql_pam/howtos/en/index.html deleted file mode 100644 index ac53a1f..0000000 --- a/kpov_judge/tasks/radius_mysql_pam/howtos/en/index.html +++ /dev/null @@ -1,34 +0,0 @@ -<html>
-
-<head>
-<meta http-equiv=Content-Type content="text/html; charset=utf-8">
-</head>
-
-<body><font face="Georgia, Times New Roman, Times, serif">
-<strong><h1>Radius mysql:</h1></strong>
-<p><strong><h2>Quick how to:</h2></strong><br>
- Setup the OpenRadius server and add users. Use MySql as the database.</p>
-<strong><h2>Instructions:</h2></strong>
- <ol>
- <li>Create two virtual machines - SimpleArbiter (use the simpleArbiterDhcp.vdi disk) and RadiusServer. Discs for virtual machines are located on polz.si/media/uploads/kpov/virtualke.</li>
- <li>Create another two virtual machines using the disks VPNCLient.vdi and SimpleArbiterVPN.vdi.</li>
- <li>Setup both VMs so that they use two network adapters - NAT and Internal network.</li>
- <li>Login with the username <strong>student</strong> and password <strong>student</strong> on both VMs.</li>
- </ol>
-
-<h3><u><strong><em>Part one: Setup OpenRadius.</em></strong></u></h3>
- <ol>
- <li>Install OpenRadius on the RadiusServer VM (configuration files are: /etc/openradius/configuration and /etc/openradius/behaviour)</li>
- <li>Add a user and assign him a shared secret. This should be configured in the /etc/openradius/configuration file. (More info: <a href = "http://sites.e-advies.nl/openradius/doc-using-openradius.html"> http://sites.e-advies.nl/openradius/doc-using-openradius.html </a>)</li>
- <li>Create a connection from SimpleArbiter to RadiusServer using the secret you configured.</strong></li>
- </ol>
-<u><strong><em><h3>Part two: Install and setup a MySQL database on RadiusServer</h3></em></strong></u>
- <ol>
- <li>OpenRadius can use the module RadSQL to store users in database.</li>
- <li>Setup a MySQL server: sudo apt-get install mysql-server.</li>
- <li>Connect to the MySQL server: mysql -u root -p.</li>
- <li>Create a database: CREATE DATABASE <database-name>. Create a table <strong>users</strong> with columns <strong>username</strong> and <strong>password</strong>.</li>
- </ol>
-</body>
-
-</html>
diff --git a/kpov_judge/tasks/radius_mysql_pam/howtos/si/index.html b/kpov_judge/tasks/radius_mysql_pam/howtos/si/index.html deleted file mode 100644 index 612cce9..0000000 --- a/kpov_judge/tasks/radius_mysql_pam/howtos/si/index.html +++ /dev/null @@ -1,40 +0,0 @@ -<html>
-
-<head>
-<meta http-equiv=Content-Type content="text/html; charset=utf-8">
-</head>
-
-<body><font face="Georgia, Times New Roman, Times, serif">
-<strong><h1>Radius mysql:</h1></strong>
-<p><strong><h2>Naloga na hitro:</h2></strong><br>
- Postaviti je treba RADIUS strežnik in podatkovno bazo.<br>
- Za RADIUS strežnik uporabite FreeRADIUS, za podatkovno bazo pa MySQL.
-</p>
-<p><strong><h2>Navodila:</h2></strong><br>
- 1. Ustvarite dva navidezna računalnika z imenom SimpleArbiter in RadiusServer.<br>
- Za SimpleArbiter uporabite simpleArbiterDhcp, za RadiusServer pa lahko uporabite poljubno virtualko.<br>
- ( virtualke dobiš na polz.si/media/uploads/kpov/virtualke)<br>
- 2. Z VirtualBoxom (ali ostalim programom za virtualne računalnike) ustvarite dva virtualna računalnika in jim kot disk za shranjevanje podajte simpleArbiterDhcp.vdi ter base-student-console-2014.vdi.<br>
- 3. Na obeh nastavite dva omrežna vmesnika (NAT in Internal) in jih zaženite.<br>
- 4. Na oba VM-a se prijavite z uporabnikom <strong>student</strong> in geslom <strong>vaje</strong> .</p>
-<p><h3><u><strong><em>Prvi del naloge: Postavi OpenRadius.</em></strong></u></h3>
- 1. Namesti FreeRadius na virtualki RadiusServer z ukazom "sudo apt-get install freeradius".<br>
- ( pomembni sta dve konfiguracijski datoteki /etc/openradius/configuration in /etc/openradius/behaviour<br>
- 2. Dodaj uporabnika in mu dodaj skupno skrivnost v /etc/openradius/configuration datoteko (več o dodajanju lahko izveš na: "http://sites.e-advies.nl/openradius/doc-using-openradius.html" <br>
- 3. Nato se z to skrivnostjo povežete iz SimpleArbiter na RadiusServer</strong><br>
-
- Namestimo freeradius z ukazom apt-get install freeradius-mysql
- V datoteku /etc/freeradius/client.conf spremenimo skrivnost (secret)
- Nato pa v datoteki /etc/freeradius/users dodamo uporabnika
-
-
-<u><strong><em><h3>Drugi del naloge: Namestitev in vzpostavitev baze MySQL na RadiusServer </h3></em></strong></u>
- 1. Pri OpenRadius-u imamo modul RadSQL, s katerim lahko vzpostavimo hranjenje uporabnikov v bazi<br>
- 2. Namestimo MySQL server z ukazom "sudo apt-get install mysql-server"<br/>
- 3. VNato se prijavimo v Mysql server z ukazom mysql -u root -p <br/>
- 4. Bazo ustvarimo z ukazom primer:
- CREATE DATABASE kwhbRgJY;
- GRANT ALL ON kwhbRgJY.* To MajaNovak80@localhost IDENTIFIED BY "y06gmo2Z";
-</body>
-
-</html>
diff --git a/kpov_judge/tasks/radius_mysql_pam/task.py b/kpov_judge/tasks/radius_mysql_pam/task.py deleted file mode 100644 index 5051bb4..0000000 --- a/kpov_judge/tasks/radius_mysql_pam/task.py +++ /dev/null @@ -1,212 +0,0 @@ -# kpov_util should be imported by add_assignment.py - -instructions = { - 'si': '''\ -<p> -Ustvari dva navidezna računalnika: <em>SimpleArbiter</em> in <em>RadiusServer</em>. Na <em>RadiusServer</em> namesti FreeRadius ter MySQL. - -<p> -Ustvari podatkovno bazo MySQL z imenom <code>{{MYSQL_DB_NAME}}</code>. Ustvari uporabnika za MySQL z imenom <code>{{MYSQL_ADMIN_USER}}</code> in geslom <code>{{MYSQL_ADMIN_PASSWORD}}</code>, ki naj ima poln dostop do te baze. Prijava za tega uporabnika mora biti omogočena tudi s <em>SimpleArbiter</em>. - -<p> -Nastavi FreeRadius tako, da bo podatke o uporabnikih in geslih pobiral iz baze MySQL z imenom <code>{{MYSQL_DB_NAME}}</code>. Podatkovna shema (imena tabel) naj ostane -privzeta. - -<p> -Dostop do strežnika Radius na <em>RadiusServer</em> s <em>SimpleArbiter</em> naj bo mogoč ob uporabi skrivnosti <code>{{RADIUS_SECRET}}</code>. - -<p> -V bazi ustvari vnos, ki bo omogočil, da se na <em>RadiusServer</em> s pomočjo protokola Radius avtenticira uporabnik <code>{{RADIUS_USERNAME}}</code> z geslom <code>{{RADIUS_PASSWORD}}</code>. - -<p> -Nastavi PAM za prijavo (login) tako, da bo dovolj, če se uporabnik na SSH predstavi z uporabniškim imenom in geslom, ki sta veljavna na FreeRadius, ne glede na <code>/etc/shadow</code> oziroma <code>/etc/password</code>. -''', - 'en': '''\ -<p> -Create two virtual machines: <em>SimpleArbiter</em> and <em>RadiusServer</em>. On <em>RadiusServer</em>, install FreeRadius and MySQL. - -<p> -Create a MySQL database named <code>{{MYSQL_DB_NAME}}</code>. Create a mysql user with the username <code>{{MYSQL_ADMIN_USER}}</code> and password <code>{{MYSQL_ADMIN_PASSWORD}}</code>. Make sure this user can access the database from <em>SimpleArbiter</em> and has administrative rights over the <code>{{MYSQL_DB_NAME}}</code> database. - -<p> -Set up FreeRadius so that the data about users and passwords is stored in the MySQL database. Keep the default schema (table names). - -<p> -Make the Radius server on <em>RadiusServer</em> accessible from <em>SimpleArbiter</em> using <code>{{RADIUS_SECRET}}</code> as the secret. - -<p> -Create an entry in the database which will enable a user with the username <code>{{RADIUS_USERNAME}}</code> to authenticate themself against the Radius server using the password <code>{{RADIUS_PASSWORD}}</code>. - -<p> -Set up PAM to enable login over SSH using a username and password which are -valida on the FreeRadius server, regardless of the entries in <code>/etc/shadow</code> -and/or <code>/etc/password</code>. -''', -} - -#KABOOM - -computers = { - 'RadiusServer': { - 'disks': [ - { 'name': 'student-RadiusServer', - }, - ], - 'network_interfaces': [{'network': 'net1'}], - 'flavor': 'm1.tiny', - 'config_drive': False - - }, - 'SimpleArbiter': { - 'disks': [ - { 'name': 'simpleArbiterDhcpGW', - }, - ], - 'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}], - 'flavor': 'm1.tiny', - 'config_drive': False - } -} - -networks = { 'net1': {'public': False}, 'test-net': {'public': True} } - -params_meta = { - 'IP_RS': {'descriptions': {'si': 'Naslov RadiusServer', 'en': 'RadiusServer IP address'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False}, - 'RADIUS_SECRET':{'descriptions': {'si': 'Skrivnost RADIUS', 'en': 'RADIUS secret'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, - 'RADIUS_USERNAME': {'descriptions': {'si': 'Uporabniško ime', 'en': 'Username'}, 'w': True, 'public':True, 'type': 'username', 'generated': False}, - 'RADIUS_PASSWORD': {'descriptions': {'si': 'Geslo uporabnika', 'en': 'Password'}, 'w': False, 'public':True, 'type': None, 'generated': True}, - 'MYSQL_DB_NAME': {'descriptions': {'si': 'Ime baze v mysql', 'en': 'Database name'}, 'w': False, 'public':True, 'type': None, 'generated': True}, - 'MYSQL_ADMIN_USER':{'descriptions': {'si': 'Uporabniško ime za dostop do MySQL', 'en': 'MySQL username'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, - 'MYSQL_ADMIN_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do MySQL', 'en': 'MySQL password'}, 'w': True, 'public':True, 'type': 'password', 'generated': True}, - 'MYSQL_SEED':{'descriptions': {'si': 'seed', 'en': 'seed'}, 'w': False, 'public':True, 'type': None, 'generated': True}, -} - -def task(IP_RS, RADIUS_SECRET, RADIUS_USERNAME, RADIUS_PASSWORD, - MYSQL_DB_NAME, MYSQL_ADMIN_USER, MYSQL_ADMIN_PASSWORD, MYSQL_SEED): - import collections - import random - import pexpect - - r = random.Random(MYSQL_SEED) - MYSQL_TEST_USER = kpov_util.username_gen(r) - MYSQL_TEST_PASSWORD = kpov_util.alnum_gen(r, 7) - RADIUS_NEW_PASSWORD = kpov_util.alnum_gen(r, 7) - - results = collections.defaultdict(str) - - # Testiranje radius strežnika - results['Test_RadiusServer'] = pexpect.run('radtest {0} {1} {2} 1812 {3}'.format( - RADIUS_USERNAME, RADIUS_PASSWORD, IP_RS, RADIUS_SECRET)) - - # Testiranje podatkovne base mysql - mysql = pexpect.spawn('mysql -u {MYSQL_ADMIN_USER} -p{MYSQL_ADMIN_PASSWORD} -h {IP_RS}'.format(**locals())) - mysql.expect("mysql>") - results['mysql_login'] = mysql.before - mysql.sendline('USE {MYSQL_DB_NAME}'.format(**locals())) - mysql.expect("mysql>") - results['database_connect'] = mysql.before - mysql.sendline('SELECT UserName, Value FROM radcheck;') - mysql.expect("mysql>") - results['select_from_users'] = mysql.before - mysql.sendline("INSERT INTO radcheck (UserName, Attribute, Value, Op) VALUES ('{MYSQL_TEST_USER}', 'Cleartext-Password', '{MYSQL_TEST_PASSWORD}', ':=');".format(**locals())) - mysql.expect("mysql>") - - results['radtest_OK'] = pexpect.run('radtest {0} {1} {2} 1812 {3}'.format( - MYSQL_TEST_USER, MYSQL_TEST_PASSWORD, IP_RS, RADIUS_SECRET)) - results['radtest_NOK'] = pexpect.run('radtest {0} {1} {2} 1812 {3}'.format( - MYSQL_TEST_USER, "Flügzeug", IP_RS, RADIUS_SECRET)) - results['radtest_NOK'] = pexpect.run('radtest {0} {1} {2} 1812 {3}'.format( - MYSQL_TEST_USER, "Flügzeug", IP_RS, RADIUS_SECRET)) - - mysql.sendline("UPDATE radcheck SET value='{RADIUS_NEW_PASSWORD}' where UserName='{RADIUS_USERNAME}' and Attribute='Cleartext-Password';".format(**locals())) - - results.update(kpov_util.ssh_test(IP_RS, RADIUS_USERNAME, RADIUS_NEW_PASSWORD)) - - mysql.sendline("UPDATE radcheck SET value='{RADIUS_PASSWORD}' where UserName='{RADIUS_USERNAME}' and Attribute='Cleartext-Password';".format(**locals())) - mysql.expect('mysql>') - mysql.sendline("DELETE FROM radcheck where UserName='{MYSQL_TEST_USER}' and Attribute='Cleartext-Password';".format(**locals())) - mysql.expect('mysql>') - mysql.sendline('\q'); - # TODO Testiranje PAM s testnim uporabnikom - - return results - -def gen_params(user_id, params_meta): - params = dict() - r = random.Random(user_id) - params['RADIUS_SECRET'] = kpov_util.alnum_gen(r, 8) - params['RADIUS_PASSWORD'] = kpov_util.alnum_gen(r, 8) - params['RADIUS_USERNAME'] = kpov_util.username_gen(r) - params['MYSQL_ADMIN_USER'] = kpov_util.alnum_gen(r, 6) - params['MYSQL_ADMIN_PASSWORD'] = kpov_util.alnum_gen(r, 6) - params['MYSQL_DB_NAME'] = kpov_util.alnum_gen(r, 4) - params['MYSQL_SEED'] = str(r.random()) - return params - -def task_check(results, params): - import re - import pickle - score = 0 - hints = [] - r = random.Random(params['MYSQL_SEED']) - MYSQL_TEST_USER = kpov_util.username_gen(r) - MYSQL_TEST_PASSWORD = kpov_util.alnum_gen(r, 7) - RADIUS_NEW_PASSWORD = kpov_util.alnum_gen(r, 7) - s = r"Sent Access-Request Id [0-9]+ from ([0-9]|\.)+:[0-9]+ to {IP_RS}:1812 length [0-9]+\r\n\tUser-Name = \"{RADIUS_USERNAME}\"\r\n\tUser-Password = \"{RADIUS_PASSWORD}\".*Access-Accept Id [0-9]+ from {IP_RS}".format(**params) - #with open('test.pickle', 'w') as f: - # pickle.dump({'pattern': s, 'res': results['Test_RadiusServer']}, f) - if re.search(s, results['Test_RadiusServer'], flags=re.DOTALL): - # print "Test OK" - score += 2 - else: - hints.append('radtest connect output incorrect:' + results['Test_RadiusServer']) - print((results['Test_RadiusServer'], s)) - # Testiranje podatkovne base mysql - s = "Welcome to the MySQL monitor.*Type 'help;' or '\\\\h' for help\\. Type '\\\\c' to clear the current input statement\\.\r\n" - if re.search(s, results['mysql_login'], flags=re.DOTALL): - # print "mysql_login OK" - score += 1 - else: - hints.append("mysql connection string incorrect") - print((results['mysql_login'], s)) - s = " USE {MYSQL_DB_NAME}\r\nReading table information.*Database changed\r\n".format(**params) - if re.search(s, results['database_connect'], flags=re.DOTALL): - # print "database_connect OK" - score += 1 - else: - hints.append('mysql table information string incorrect') - print((results['database_connect'],)) - s = " SELECT UserName, Value FROM radcheck;\r\n.*{RADIUS_USERNAME} *| *{RADIUS_PASSWORD}".format(**params) - if re.search(s, results['select_from_users'], flags=re.DOTALL): - # print "select_from_users OK" - score += 2 - else: - hints.append('mysql user entry in table check failed') - print((results['select_from_users'], )) - - s = r"Sent Access-Request Id [0-9]+ from ([0-9]|\.)+:[0-9]+ to {0}:1812 length [0-9]+\r\n\tUser-Name = \"{1}\"\r\n\tUser-Password = \"{2}\".*Access-Accept Id [0-9]+ from {0}".format(params['IP_RS'], MYSQL_TEST_USER, MYSQL_TEST_PASSWORD) - if re.search(s, results['radtest_OK'], flags=re.DOTALL): - # print "radtest_OK OK" - score += 2 - else: - hints.append('radtest output incorrect:' + results['radtest_OK']) - print((s, results['radtest_OK'])) - - s = r"Sent Access-Request Id [0-9]+ from ([0-9]|\.)+:[0-9]+ to {0}:1812 length [0-9]+\r\n\tUser-Name = \"{1}\"\r\n\tUser-Password = \"Flügzeug\".*Access-Reject Id [0-9]+ from {0}".format(params['IP_RS'], MYSQL_TEST_USER) - if re.search(s, results['radtest_NOK'], flags=re.DOTALL): - # print "radtest_NOK OK" - score += 1 - else: - hints.append('radtest negative output incorrect: ' + results['radtest_NOK']) - print((results['radtest_NOK'], s)) - s = "{RADIUS_USERNAME}@.*:".format(**params) - if re.search(s, results['motd'], flags=re.DOTALL): - # print "login_test OK" - score += 1 - else: - hints.append('login test failed') - print((results['login_test'],s)) - return score, hints - -def prepare_disks(templates, task_params, global_params): - write_default_config(templates['simpleArbiterDhcpGW'], global_params) |