From 040be8ae5a1475182b782ac8da86d263b646da7e Mon Sep 17 00:00:00 2001
From: "sk4919@student.uni-lj.si"
Date: Wed, 3 May 2017 19:39:02 +0000
Subject: git-svn-id: https://svn.lusy.fri.uni-lj.si/kpov-public-svn/kpov-public@415 5cf9fbd1-b2bc-434c-b4b7-e852f4f63414
---
kpov_judge/tasks/openvpn_multiple_hops/task.py | 434 +++++++++++++++++++++++++
1 file changed, 434 insertions(+)
create mode 100644 kpov_judge/tasks/openvpn_multiple_hops/task.py
diff --git a/kpov_judge/tasks/openvpn_multiple_hops/task.py b/kpov_judge/tasks/openvpn_multiple_hops/task.py
new file mode 100644
index 0000000..32b1835
--- /dev/null
+++ b/kpov_judge/tasks/openvpn_multiple_hops/task.py
@@ -0,0 +1,434 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# kpov_random_helpers should be imported by add_assignment.py
+
+instructions = {
+ 'si':u"""
+Postavi 4 navidezne računalnike - SimpleArbiter z diska simpleArbiterDhcp, A, B ter C.
+Na računalnikih A, B in C ustvari uporabnika test z geslom test.
+Poskrbi, da bodo vsi štirje na istem navideznem fizičnem omrežju. Naslov omrežja (NET_PHYS) ter naslove
+(IP_A, IP_B, IP_C) preberi na SimpleArbiter. S pomočjo OpenVPN postavi navidezno omrežje med A in B na naslovih NET_VPN1.
+Nato s pomočjo OpenVPN postavi še navidezno omrežje med B in C na naslovih NET_VPN2.
+Poskrbi, da bo promet z A prek VPN prišel do C in obratno. Za avtentikacijo uporabi skupne skrivnosti, ki
+jih prebereš na SimpleArbiter - med A in B SECRET_AB ter med B in C SECRET_BC.
+"""
+}
+
+computers = {
+ 'SimpleArbiter': {
+ 'disks': [
+ {
+ 'name': 'simpleArbiterDhcp',
+ }
+ ],
+ 'network_interfaces': [
+ {
+ 'network': 'nat'
+ },
+ {
+ 'network': 'net1'
+ }
+ ],
+ 'flavor': 'm1.tiny',
+ 'config_drive': False
+ },
+ 'VPNClient1': {
+ 'disks': [
+ {
+ 'name': 'student-VPNClient1',
+ }
+ ],
+ 'network_interfaces': [
+ {
+ 'network': 'net1'
+ },
+ {
+ 'network': 'vpnAB'
+ }
+ ],
+ 'flavor': 'm1.tiny',
+ 'config_drive': False
+ },
+ 'VPNClient2': {
+ 'disks': [
+ {
+ 'name': 'student-VPNClient2',
+ }
+ ],
+ 'network_interfaces': [
+ {
+ 'network': 'net1'
+ },
+ {
+ 'network': 'vpnAB'
+ },
+ {
+ 'network': 'vpnBC'
+ }
+ ],
+ 'flavor': 'm1.tiny',
+ 'config_drive': False
+ },
+ 'VPNClient3': {
+ 'disks': [
+ {
+ 'name': 'student-VPNClient3',
+ }
+ ],
+ 'network_interfaces': [
+ {
+ 'network': 'net1'
+ },
+ {
+ 'network': 'vpnBC'
+ }
+ ],
+ 'flavor': 'm1.tiny',
+ 'config_drive': False
+ }
+}
+
+networks = {
+ 'nat': {
+ 'public': True
+ },
+
+ 'net1': {
+ 'public': True
+ },
+ # Used for VPN
+ 'vpnAB': {
+ 'public': False
+ },
+
+ 'vpnBC': {
+ 'public': False
+ }
+}
+#Tukaj sem generiral osem parametrov, prosil bi če se upoštevali pri Tasku.
+params_meta = {
+ 'IP_VPNClient1': {'descriptions':{'si':'IP klienta A na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
+ 'IP_LANClient1': {'descriptions':{'si':'IP klienta A na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
+ 'IP1_VPNClient2': {'descriptions':{'si':'1. IP klienta B na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
+ 'IP2_VPNClient2': {'descriptions':{'si':'2. IP klienta B na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
+ 'IP_LANClient2': {'descriptions':{'si':'IP klienta B na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
+ 'IP_VPNClient3': {'descriptions':{'si':'IP klienta C na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
+ 'IP_LANClient3': {'descriptions':{'si':'IP klienta C na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
+ 'IP_SimpleArbiterLAN': {'descriptions':{'si':'IP za SimpleArbiter na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False}
+}
+
+
+def task(IP_SimpleArbiterLAN, IP_VPNClient1, IP_LANClient1, IP1_VPNClient2, IP2_VPNClient2, IP_LANClient2, IP_VPNClient3, IP_LANClient3):
+
+ from pexpect import pxssh # Used to set up an SSH connection to a remote machine
+ import pexpect # Allows the script to spawn a child application and control it as if a human were typing commands
+
+
+ # The necessary things we need to check if the task was performed correctly
+ results = dict()
+
+ # The login params (these must be used on the machines!)
+ peer_user = 'test'
+ peer_passwd = 'test'
+
+ ###
+ # Sets up the SSH connections to the machines
+ ###
+ # VPNClient1
+ sC1 = pxssh.pxssh()
+
+ # Logs in to the machines with the default login params
+ sC1.login(
+ IP_LANClient1,
+ peer_user,
+ peer_passwd
+ )
+
+ ######
+ # Ukazi za A
+ ######
+
+ # ifconfig -a
+ sC1.sendline('/sbin/ifconfig -a')
+ sC1.prompt()
+ results['VPNClient1_ifconfig'] = sC1.before
+
+ # route -n
+ sC1.sendline('/sbin/route -n')
+ sC1.prompt()
+ results['VPNClient1_route'] = sC1.before
+
+ # ping C2
+ sC1.sendline('ping -c 3 {}'.format(IP1_VPNClient2))
+ sC1.prompt()
+ results['VPNClient1_ping1_C2'] = sC1.before
+
+ sC1.sendline('ping -c 3 {}'.format(IP2_VPNClient2))
+ sC1.prompt()
+ results['VPNClient1_ping2_C2'] = sC1.before
+
+ # ping C3
+ sC1.sendline('ping -c 3 {}'.format(IP_VPNClient3))
+ sC1.prompt()
+ results['VPNClient1_ping_C3'] = sC1.before
+
+ # traceroute na C
+
+ sC1.sendline('traceroute {}'.format(IP_VPNClient3))
+ sC1.prompt()
+ results['VPNClient1_traceroute_C3'] = sC1.before
+
+ sC1.logout()
+
+ ######
+ # Ukazi za B
+ ######
+
+ # VPNClient2
+ sC2 = pxssh.pxssh()
+
+ sC2.login(
+ IP_LANClient2,
+ peer_user,
+ peer_passwd
+ )
+
+
+ # ifconfig -a
+ sC2.sendline('/sbin/ifconfig -a')
+ sC2.prompt()
+ results['VPNClient2_ifconfig'] = sC2.before
+
+ # route -n
+ sC2.sendline('/sbin/route -n')
+ sC2.prompt()
+ results['VPNClient2_route'] = sC2.before
+
+ # ping C2
+ sC2.sendline('ping -c 3 {}'.format(IP_VPNClient1))
+ sC2.prompt()
+ results['VPNClient2_ping_C1'] = sC2.before
+
+ # ping C3
+
+ sC2.sendline('ping -c 3 {}'.format(IP_VPNClient3))
+ sC2.prompt()
+ results['VPNClient2_ping_C3'] = sC2.before
+
+ sC2.logout()
+
+ ######
+ # Ukazi za C
+ ######
+
+ # VPNClient3
+ sC3 = pxssh.pxssh()
+
+ sC3.login(
+ IP_LANClient3,
+ peer_user,
+ peer_passwd
+ )
+
+ # ifconfig -a
+ sC3.sendline('/sbin/ifconfig -a')
+ sC3.prompt()
+ results['VPNClient3_ifconfig'] = sC3.before
+
+ # route -n
+ sC3.sendline('/sbin/route -n')
+ sC3.prompt()
+ results['VPNClient3_route'] = sC3.before
+
+ # ping C2
+ sC3.sendline('ping -c 3 {}'.format(IP2_VPNClient2))
+ sC3.prompt()
+ results['VPNClient3_ping_C2'] = sC3.before
+
+ # ping C3
+ sC3.sendline('ping -c 3 {}'.format(IP_VPNClient1))
+ sC3.prompt()
+ results['VPNClient3_ping_C1'] = sC3.before
+
+ # traceroute na C
+ sC3.sendline('traceroute {}'.format(IP_VPNClient1))
+ sC3.prompt()
+ results['VPNClient3_traceroute_C1'] = sC3.before
+
+ sC3.logout()
+
+ return results
+
+def gen_params(user_id, params_meta):
+ params = dict()
+ import random
+ r = random.Random(user_id)
+ net = kpov_random_helpers.IPv4_subnet_gen(r, '10.70.0.0/16', 24)
+ params['IP_VPNClient1'], params['IP1_VPNClient2'] = kpov_random_helpers.IPv4_addr_gen(r, net, 2)
+ net = kpov_random_helpers.IPv4_subnet_gen(r, '10.50.0.0/16', 24)
+ params['IP_VPNClient3'], params['IP2_VPNClient2'] = kpov_random_helpers.IPv4_addr_gen(r, net, 2)
+ return params
+
+def task_check(results, params):
+
+ import re
+ score = 0
+ hints = []
+
+ IP_C1 = params['IP_VPNClient1'].replace('.', '\.')
+ IP1_C2 = params['IP1_VPNClient2'].replace('.', '\.')
+ IP2_C2 = params['IP2_VPNClient2'].replace('.', '\.')
+ IP_C3 = params['IP_VPNClient3'].replace('.', '\.')
+
+ # testi za ifconfig
+ # C1
+ rs = r"tun0.*\n.*inet.*{}".format(IP_C1)
+ if re.search(rs,
+ results['VPNClient1_ifconfig']):
+ score += 1
+ else:
+ hints.append("ifconfig on VPNClient1 is not OK")
+ pass
+ # C2
+ rs = r"tun.*\n.*inet.*{}".format(IP1_C2)
+ if re.search(rs, results['VPNClient2_ifconfig']):
+ rs = r"tun.*\n.*inet.*{}".format(IP2_C2)
+ if re.search(rs, results['VPNClient2_ifconfig']):
+ score += 1
+ else:
+ hints.append("ifconfig on VPNClient2 is not OK")
+ pass
+ else:
+ hints.append("ifconfig on VPNClient2 is not OK")
+ pass
+ # C3
+ rs = r"tun0.*\n.*inet.*{}".format(IP_C3)
+ if re.search(rs, results['VPNClient3_ifconfig']):
+ score += 1
+ else:
+ hints.append("ifconfig on VPNClient3 is not OK")
+ pass
+ # testi za route
+ # C1
+ rs = r"{}.*tun0".format(IP1_C2)
+ if IP_C3[:-1].endswith('.'):
+ ASD = IP_C3[:-1]+"0"
+ elif IP_C3[:-2].endswith('.'):
+ ASD = IP_C3[:-2]+"0"
+ else:
+ ASD = IP_C3[:-3]+"0"
+ if re.search(rs, results['VPNClient1_route']):
+ rs = r"{} {}.*tun0".format(ASD, IP1_C2)
+ if re.search(rs, results['VPNClient1_route']):
+ score += 1
+ else:
+ hints.append("route on VPNClient1 is not OK")
+ else:
+ hints.append("route on VPNClient1 is not OK")
+ pass
+ # C2
+ rs = r"{}.*tun".format(IP_C1)
+ if re.search(rs, results['VPNClient2_route']):
+ rs = r"{}.*tun".format(IP_C3)
+ if re.search(rs, results['VPNClient2_route']):
+ score += 1
+ else:
+ hints.append("route on VPNClient2 is not OK")
+ else:
+ hints.append("route on VPNClient2 is not OK")
+ pass
+ # C3
+ rs = r"{}.*tun0".format(IP2_C2)
+ if IP_C1[:-1].endswith('.'):
+ ASD = IP_C1[:-1]+"0"
+ elif IP_C1[:-2].endswith('.'):
+ ASD = IP_C1[:-2]+"0"
+ else:
+ ASD = IP_C1[:-3]+"0"
+ if re.search(rs, results['VPNClient3_route']):
+ rs = r"{} {}.*tun0".format(ASD, IP2_C2)
+ if re.search(rs, results['VPNClient3_route']):
+ score += 1
+ else:
+ hints.append("route on VPNClient3 is not OK")
+ else:
+ hints.append("route on VPNClient3 is not OK")
+ pass
+ # testi za ping
+ # C1
+ rs = r"64 bytes from {}: icmp_seq=[0-9]+ ttl=[0-9]+ time=\d+\.\d+ ms".format(IP1_C2)
+ if re.search(rs, results['VPNClient1_ping1_C2']):
+ score += 0.5
+ else:
+ hints.append("ping from VPNClient1 to VPNClient2 is not OK")
+ pass
+ rs = r"64 bytes from {}: icmp_seq=[0-9]+ ttl=[0-9]+ time=\d+\.\d+ ms".format(IP_C3)
+ if re.search(rs, results['VPNClient1_ping_C3']):
+ score += 0.5
+ else:
+ hints.append("ping from VPNClient1 to VPNClient3 is not OK")
+ pass
+ # C2
+ rs = r"64 bytes from {}: icmp_seq=[0-9]+ ttl=[0-9]+ time=\d+\.\d+ ms".format(IP_C1)
+ if re.search(rs, results['VPNClient2_ping_C1']):
+ score += 0.5
+ else:
+ hints.append("ping from VPNClient2 to VPNClient1 is not OK")
+ pass
+ rs = r"64 bytes from {}: icmp_seq=[0-9]+ ttl=[0-9]+ time=\d+\.\d+ ms".format(IP_C3)
+ if re.search(rs, results['VPNClient2_ping_C3']):
+ score += 0.5
+ else:
+ hints.append("ping from VPNClient2 to VPNClient3 is not OK")
+ pass
+ # C3
+ rs = r"64 bytes from {}: icmp_seq=[0-9]+ ttl=[0-9]+ time=\d+\.\d+ ms".format(IP_C1)
+ if re.search(rs, results['VPNClient3_ping_C1']):
+ score += 0.5
+ else:
+ hints.append("ping from VPNClient3 to VPNClient1 is not OK")
+ pass
+ rs = r"64 bytes from {}: icmp_seq=1 ttl=[0-9]+ time=\d+\.\d+ ms".format(IP2_C2)
+ if re.search(rs, results['VPNClient3_ping_C2']):
+ score += 0.5
+ else:
+ hints.append("ping from VPNClient3 to VPNClient2 is not OK")
+ pass
+ #score = int(score)
+
+ # testi za tracetoute
+ # C1
+ rs = r"1 {}".format(IP1_C2)
+ if re.search(rs, results['VPNClient1_traceroute_C3']):
+ rs = r"2 {}".format(IP_C3)
+ if re.search(rs, results['VPNClient1_traceroute_C3']):
+ score += 1
+ else:
+ hints.append("traceroute from VPNClient1 to VPNClient3 is not OK")
+ pass
+ else:
+ hints.append("traceroute from VPNClient1 to VPNClient3 is not OK")
+ pass
+ # C3
+ rs = r"1 {}".format(IP2_C2)
+ if re.search(rs, results['VPNClient3_traceroute_C1']):
+ rs = r"2 {}".format(IP_C1)
+ if re.search(rs, results['VPNClient3_traceroute_C1']):
+ score += 1
+ else:
+ hints.append("traceroute from VPNClient1 to VPNClient3 is not OK")
+ pass
+ else:
+ hints.append("traceroute from VPNClient1 to VPNClient3 is not OK")
+ pass
+ if score > 10 :
+ score -= 1
+ score = int(score)
+ return score, hints
+
+
+def prepare_disks(templates, task_params, global_params):
+ write_default_config(templates['simpleArbiterDhcp'], global_params)
+
+
-- cgit v1.2.1
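Review bot: In `task_check` the four address parameters become regex fragments via `.replace('.', '\.')`, which escapes only the dot, and in `task` the same values are formatted unvalidated into the command lines given to `sendline` (`'ping -c 3 {}'.format(...)`, `'traceroute {}'.format(...)`). `params_meta` marks every one of them `'w': True`, which presumably means they can be set outside `gen_params`, so a value that is not a plain IPv4 address would change what the checks match or what runs in the remote shell; I would reject non-address values before use and build the patterns with `IP_C1 = re.escape(params['IP_VPNClient1'])` (likewise for the other three). The ifconfig and route patterns are also open-ended after the address, so an expected address ending in `.1` is satisfied by output containing `.12`; appending `(?![0-9])` to the address fragment closes that. Separately, both failure hints in the second traceroute block (VPNClient3 towards VPNClient1) still read `traceroute from VPNClient1 to VPNClient3 is not OK`.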