Diffstat (limited to 'kpov_judge')
-rw-r--r-- | kpov_judge/tasks/radius_mysql_pam/task.py | 236 |
1 files changed, 119 insertions, 117 deletions
diff --git a/kpov_judge/tasks/radius_mysql_pam/task.py b/kpov_judge/tasks/radius_mysql_pam/task.py
index 0319dbd..55ae14e 100644
--- a/kpov_judge/tasks/radius_mysql_pam/task.py
+++ b/kpov_judge/tasks/radius_mysql_pam/task.py
@@ -1,117 +1,119 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- -. -# kpov_random_helpers should be imported by add_assignment.py - - instructions = { - 'si':u""" -Ustvari dva navidezna računalnika - SimpleArbiter z diska simpleArbiterDhcp ter -RadiusServer.SimpleArbeiterDhcp dobis na naslovu polz.si/media/uploads/kpov/virtualke.Na RadiusServer namesti OpenRadius. Dodatna navodila za instalacijo najdete na evbergen.home.xs4all.nl/openradius/doc-using-openradius.html.OpenRadius uporablja dve konfiguracijski datoteki. To sta /etc/openradius/configuration in /etc/openradius/behaviour. -Prejsnja definira serverjeve vire in vmesnike slednja pa nastavi, kako bo server delal z zahtevami. Na SimpleArbiter preberi uporabnisko ime in geslo -uporabnika ter ga dodaj v konfiguracijo OpenRadius na RadiusServer. Na SimpleArbiter -preberi skrivnost ter poskrbi, da se bo s to skrivnostjo SimpleArbiter lahko povezal -na RadiusServer . - -Nato na OpenRadius namesti še podatkovno bazo mysql. Na SimpleArbiter preberi še ime podatkovne baze, -uporabniško ime na bazi ter geslo, s katerim se bo lahko klient s SimpleArbiter na to bazo lahko povezal. -Ustvari podatkovno bazo.Najprej namestimo mysql server. Nato se prijavimo v Mysql server z ukazom mysql -u root -p. Bazo ustvarimo z ukazom CREATE DATABASE <imePodatkovneBaze>. V bazi ustvari tabelo "users" s stolpcema username ter password. -Na RadiusServer ustvari uporabnika test. Nastavi PAM tako, da se bo geslo uporabnika primerjalo z vnosom -v tabeli v mysql, namesto da se uporabi datoteka /etc/passwd oziroma /etc/shadow. -""" - 'en':u"""Create two virtual computers - SimpleArbiter (using the SimpleArbiterDhcp.vdi disk) and RadiusServer. You can get the disk image at polz.si/media/uploads/kpov/virtualke. Install OpenRadius on the RadiusServer VM. Installation instructions can be found at evbergen.home.xs4all.nl/openradius/doc-using-openradius.html. 
OpenRadius uses two configuration files /etc/openradius/configuration and /etc/openradius/behaviour. The first one defines sources and interfaces of the server, the second one defines how the server responds to requests. Add your username and password from the SimpleArbiter VM to the OpenRadius configuration. Make shure that SimpleArbiter is able to connect to RadiusServer using the shared secret. -Install the MySQL database on the RadiusServer VM. Log into the MySQL server using mysql -u root -p . Create the database using CREATE DATABASE <dbnamehere>. Add the columns username and password. Create the user test on RadiusServer and setup PAM so that the user password is checked against the MySQL database instead of the file /etc/passwd or /etc/shadow. -""" -} - -computers = { - 'RadiusServer': { - 'disks': [ - { 'name': 'RadiusServer', - }, - #{ 'name': 'CDROM', - # 'options':{'readonly': True}, - # 'parts': [],# no parts, no mounting. - #} - ], - 'network_interfaces': [{'network': 'net1'}], - 'flavor': 'm1.tiny', - 'config_drive': False - - }, - 'SimpleArbiter': { - 'disks': [ - { 'name': 'simpleArbiterDhcp', - # attempt automount - }, - #{ 'name': 'CDROM', - # 'options': {'readonly': True}, - # 'parts': [{'dev': 'b1', 'path': '/cdrom'}], - #}, - ], - 'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}], - 'flavor': 'm1.tiny', - 'config_drive': False - } -} - -networks = { 'net1': {'public': False}, 'test-net': {'public': True} } - -params_meta = { - 'IP_RS': {'descriptions': {'si': 'Naslov RadiusServer'}, 'w': False, 'public':True, 'type': 'IP', 'generated': True}, - 'RADIUS_SECRET':{'descriptions': {'si': 'Skrivnost RADIUS'}, 'w': False, 'public':True, 'type': 'passwd', 'generated': True}, - 'RADIUS_USERNAME': {'descriptions': {'si': 'Username v RADIUS'}, 'w': True, 'public':True, 'type': 'username', 'generated': False}, - 'RADIUS_PASSWORD': {'descriptions': {'si': 'Geslo v RADIUS'}, 'w': False, 'public':True, 'type': '', 'generated': True}, - 
'MYSQL_ADMIN_USER':{'descriptions': {'si': 'Username za dostop do MySQL'}, 'w': True, 'public':True, 'type': 'username', 'generated': False}, - 'MYSQL_ADMIN_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do MySQL'}, 'w': True, 'public':True, 'type': 'passwd', 'generated': True}, - 'MYSQL_PAM_USERNAME': {'descriptions': {'si': 'Username v MySQL'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False}, - 'MYSQL_PAM_PASSWORD': {'descriptions': {'si': 'Geslo za uporabnika v MySQL'}, 'w': True, 'public': True, 'type': 'passwd', 'generated': False}, -} - -def task(IP_RS, RADIUS_SECRET, RADIUS_USERNAME, RADIUS_PASSWORD, MYSQL_ADMIN_USER, MYSQL_ADMIN_PASSWORD, MYSQL_PAM_USERNAME, MYSQL_PAM_PASSWORD): - import pxssh - results = dict() - peer_user = 'student' - peer_passwd = 'vaje' - - sR = pxssh.pxssh() - sR.login(IP_RS, peer_user, peer_passwd) - - results['Test_RadiusServer'] = sR.run('radtest RADIUS_USERNAME RADIUS_PASSWORD IP_RS 1812 RADIUS_SECRET') - - - return results - -def gen_params(user_id, params_meta): - params = dict() - r = random.Random(user_id) - secrets = ['skupna', 'secret', 'skrivnost', 'mystery', 'tajna', 'skupnaskrivnost', 'nekadruga', 'spetnekaskrivnost'] - crke = list(string.ascii_lowercase) - for name, meta in param_meta.iteritems(): - params[name] = default_generators[meta.get('type', None](r) - params['RADIUS_SECRET'] = r.choice(secrets) - password = SQLpassword = "" - for i in range(4): - passowrd+=crke[randint(0,25)] - SQLpassword+=crke[randint(0,25)] - params['RADIUS_PASSWORD'] = password - params['MYSQL_ADMIN_PASSWORD'] = SQLpassword - return params - -def task_check(results, params): - import re - score = -9 - if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1: - score += 3 - if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1: - score += 3 - if re.search(r'eth0 +802-.*connected', results['NM_nmcli']): - score += 2 - if not re.search(r'eth0 +802-.*connected', 
results['static_nmcli']): - score += 2 - score = 0 - return score - -def prepare_disks(templates, params): -# d = templates['simpleArbiterDhcp'] - pass - +#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+.
+# kpov_random_helpers should be imported by add_assignment.py
+
+ instructions = {
+ 'si':u"""
+Ustvari dva navidezna računalnika - SimpleArbiter z diska simpleArbiterDhcp ter
+RadiusServer.SimpleArbeiterDhcp dobis na naslovu polz.si/media/uploads/kpov/virtualke.Na RadiusServer namesti OpenRadius. Dodatna navodila za instalacijo najdete na evbergen.home.xs4all.nl/openradius/doc-using-openradius.html.OpenRadius uporablja dve konfiguracijski datoteki. To sta /etc/openradius/configuration in /etc/openradius/behaviour.
+Prejsnja definira serverjeve vire in vmesnike slednja pa nastavi, kako bo server delal z zahtevami. Na SimpleArbiter preberi uporabnisko ime in geslo
+uporabnika ter ga dodaj v konfiguracijo OpenRadius na RadiusServer. Na SimpleArbiter
+preberi skrivnost ter poskrbi, da se bo s to skrivnostjo SimpleArbiter lahko povezal
+na RadiusServer .
+
+Nato na OpenRadius namesti še podatkovno bazo mysql. Na SimpleArbiter preberi še ime podatkovne baze,
+uporabniško ime na bazi ter geslo, s katerim se bo lahko klient s SimpleArbiter na to bazo lahko povezal.
+Ustvari podatkovno bazo.Najprej namestimo mysql server. Nato se prijavimo v Mysql server z ukazom mysql -u root -p. Bazo ustvarimo z ukazom CREATE DATABASE <imePodatkovneBaze>. V bazi ustvari tabelo "users" s stolpcema username ter password.
+Na RadiusServer ustvari uporabnika test. Nastavi PAM tako, da se bo geslo uporabnika primerjalo z vnosom
+v tabeli v mysql, namesto da se uporabi datoteka /etc/passwd oziroma /etc/shadow.
+"""
+ 'en':u"""Create two virtual computers - SimpleArbiter (using the SimpleArbiterDhcp.vdi disk) and RadiusServer. You can get the disk image at polz.si/media/uploads/kpov/virtualke. Install OpenRadius on the RadiusServer VM. Installation instructions can be found at evbergen.home.xs4all.nl/openradius/doc-using-openradius.html. OpenRadius uses two configuration files /etc/openradius/configuration and /etc/openradius/behaviour. The first one defines sources and interfaces of the server, the second one defines how the server responds to requests. Add your username and password from the SimpleArbiter VM to the OpenRadius configuration. Make shure that SimpleArbiter is able to connect to RadiusServer using the shared secret.
+Install the MySQL database on the RadiusServer VM. Log into the MySQL server using mysql -u root -p . Create the database using CREATE DATABASE <dbnamehere>. Add the columns username and password. Create the user test on RadiusServer and setup PAM so that the user password is checked against the MySQL database instead of the file /etc/passwd or /etc/shadow.
+"""
+}
+
+#KABOOM
+
+computers = {
+ 'RadiusServer': {
+ 'disks': [
+ { 'name': 'RadiusServer',
+ },
+ #{ 'name': 'CDROM',
+ # 'options':{'readonly': True},
+ # 'parts': [],# no parts, no mounting.
+ #}
+ ],
+ 'network_interfaces': [{'network': 'net1'}],
+ 'flavor': 'm1.tiny',
+ 'config_drive': False
+
+ },
+ 'SimpleArbiter': {
+ 'disks': [
+ { 'name': 'simpleArbiterDhcp',
+ # attempt automount
+ },
+ #{ 'name': 'CDROM',
+ # 'options': {'readonly': True},
+ # 'parts': [{'dev': 'b1', 'path': '/cdrom'}],
+ #},
+ ],
+ 'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}],
+ 'flavor': 'm1.tiny',
+ 'config_drive': False
+ }
+}
+
+networks = { 'net1': {'public': False}, 'test-net': {'public': True} }
+
+params_meta = {
+ 'IP_RS': {'descriptions': {'si': 'Naslov RadiusServer'}, 'w': False, 'public':True, 'type': 'IP', 'generated': True},
+ 'RADIUS_SECRET':{'descriptions': {'si': 'Skrivnost RADIUS'}, 'w': False, 'public':True, 'type': 'passwd', 'generated': True},
+ 'RADIUS_USERNAME': {'descriptions': {'si': 'Username v RADIUS'}, 'w': True, 'public':True, 'type': 'username', 'generated': False},
+ 'RADIUS_PASSWORD': {'descriptions': {'si': 'Geslo v RADIUS'}, 'w': False, 'public':True, 'type': '', 'generated': True},
+ 'MYSQL_ADMIN_USER':{'descriptions': {'si': 'Username za dostop do MySQL'}, 'w': True, 'public':True, 'type': 'username', 'generated': False},
+ 'MYSQL_ADMIN_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do MySQL'}, 'w': True, 'public':True, 'type': 'passwd', 'generated': True},
+ 'MYSQL_PAM_USERNAME': {'descriptions': {'si': 'Username v MySQL'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
+ 'MYSQL_PAM_PASSWORD': {'descriptions': {'si': 'Geslo za uporabnika v MySQL'}, 'w': True, 'public': True, 'type': 'passwd', 'generated': False},
+}
+
+def task(IP_RS, RADIUS_SECRET, RADIUS_USERNAME, RADIUS_PASSWORD, MYSQL_ADMIN_USER, MYSQL_ADMIN_PASSWORD, MYSQL_PAM_USERNAME, MYSQL_PAM_PASSWORD):
+ import pxssh
+ results = dict()
+ peer_user = 'student'
+ peer_passwd = 'vaje'
+
+ sR = pxssh.pxssh()
+ sR.login(IP_RS, peer_user, peer_passwd)
+
+ results['Test_RadiusServer'] = sR.run('radtest RADIUS_USERNAME RADIUS_PASSWORD IP_RS 1812 RADIUS_SECRET')
+
+
+ return results
+
+def gen_params(user_id, params_meta):
+ params = dict()
+ r = random.Random(user_id)
+ secrets = ['skupna', 'secret', 'skrivnost', 'mystery', 'tajna', 'skupnaskrivnost', 'nekadruga', 'spetnekaskrivnost']
+ crke = list(string.ascii_lowercase)
+ for name, meta in param_meta.iteritems():
+ params[name] = default_generators[meta.get('type', None](r)
+ params['RADIUS_SECRET'] = r.choice(secrets)
+ password = SQLpassword = ""
+ for i in range(4):
+ passowrd+=crke[randint(0,25)]
+ SQLpassword+=crke[randint(0,25)]
+ params['RADIUS_PASSWORD'] = password
+ params['MYSQL_ADMIN_PASSWORD'] = SQLpassword
+ return params
+
+def task_check(results, params):
+ import re
+ score = -9
+ if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1:
+ score += 3
+ if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1:
+ score += 3
+ if re.search(r'eth0 +802-.*connected', results['NM_nmcli']):
+ score += 2
+ if not re.search(r'eth0 +802-.*connected', results['static_nmcli']):
+ score += 2
+ score = 0
+ return score
+
+def prepare_disks(templates, params):
+# d = templates['simpleArbiterDhcp']
+ pass
+
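Review bot: In `task`, the `radtest` command is a fixed string, so the words `RADIUS_USERNAME`, `RADIUS_PASSWORD`, `IP_RS` and `RADIUS_SECRET` are sent over the pxssh session literally and the check never uses the values assigned to the student. When the parameters are interpolated they should each be quoted, because `params_meta` marks `RADIUS_USERNAME` as student-writable (`'w': True`) and the line is presumably interpreted by the login shell on RadiusServer: `cmd = 'radtest {0} {1} {2} 1812 {3}'.format(*[pipes.quote(v) for v in (RADIUS_USERNAME, RADIUS_PASSWORD, IP_RS, RADIUS_SECRET)])` with `import pipes` next to the `pxssh` import. Separately, `gen_params` cannot be parsed as written, because `meta.get('type', None](r)` lacks a closing parenthesis, and it iterates `param_meta` although the argument is named `params_meta`. It also appends to the misspelled `passowrd` using a bare `randint` instead of `r.randint`, so `RADIUS_PASSWORD` would stay empty and would not be reproducible from `user_id` even once the names resolve.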