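#!/usr/bin/env python
# -*- coding: utf-8 -*-

# kpov_random_helpers should be imported by add_assignment.py
#
# NOTE(review): task(), gen_params() and task_check() import what they need
# inside their own bodies, which suggests they are extracted and run
# separately from this module -- keep each function self-contained.

# Assignment text shown to the student, keyed by language code.
instructions = {
    'si':"""
Postavi 4 navidezne računalnike - SimpleArbiter z diska simpleArbiterDhcp,
A, B ter C. Na računalnikih A, B in C ustvari uporabnika test z geslom test.
Poskrbi, da bodo vsi štirje na istem navideznem fizičnem omrežju.
Naslov omrežja (NET_PHYS) ter naslove (IP_A, IP_B, IP_C) preberi na SimpleArbiter.
S pomočjo OpenVPN postavi navidezno omrežje med A in B na naslovih NET_VPN1.
Nato s pomočjo OpenVPN postavi še navidezno omrežje med B in C na naslovih NET_VPN2.
Poskrbi, da bo promet z A prek VPN prišel do C in obratno. Za avtentikacijo
uporabi skupne skrivnosti, ki jih prebereš na SimpleArbiter - med A in B
SECRET_AB ter med B in C SECRET_BC.
"""
}

# Virtual machines that make up the exercise: disks, attached networks, flavor.
computers = {
    'SimpleArbiter': {
        'disks': [
            {
                'name': 'simpleArbiterDhcp',
            }
        ],
        'network_interfaces': [
            {'network': 'nat'},
            {'network': 'net1'}
        ],
        'flavor': 'm1.tiny',
        'config_drive': False
    },
    'VPNClient1': {
        'disks': [
            {
                'name': 'student-VPNClient1',
            }
        ],
        'network_interfaces': [
            {'network': 'net1'},
            {'network': 'vpnAB'}
        ],
        'flavor': 'm1.tiny',
        'config_drive': False
    },
    'VPNClient2': {
        'disks': [
            {
                'name': 'student-VPNClient2',
            }
        ],
        'network_interfaces': [
            {'network': 'net1'},
            {'network': 'vpnAB'},
            {'network': 'vpnBC'}
        ],
        'flavor': 'm1.tiny',
        'config_drive': False
    },
    'VPNClient3': {
        'disks': [
            {
                'name': 'student-VPNClient3',
            }
        ],
        'network_interfaces': [
            {'network': 'net1'},
            {'network': 'vpnBC'}
        ],
        'flavor': 'm1.tiny',
        'config_drive': False
    }
}

networks = {
    'nat': {
        'public': True
    },
    'net1': {
        'public': True
    },
    # Used for VPN
    'vpnAB': {
        'public': False
    },
    'vpnBC': {
        'public': False
    }
}

# Eight parameters are defined here; please take them into account in task().
#
# NOTE(review): the instructions above mention NET_PHYS, NET_VPN1/NET_VPN2 and
# the shared secrets SECRET_AB/SECRET_BC, but no parameter with those names is
# defined or generated in this file. If the secrets are added, do not derive
# them from random.Random(user_id) as gen_params() does for the addresses:
# that stream is reproducible by anyone who knows the user id.
params_meta = {
    'IP_VPNClient1': {'descriptions':{'si':'IP klienta A na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
    'IP_LANClient1': {'descriptions':{'si':'IP klienta A na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
    'IP1_VPNClient2': {'descriptions':{'si':'1. IP klienta B na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
    'IP2_VPNClient2': {'descriptions':{'si':'2. IP klienta B na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
    'IP_LANClient2': {'descriptions':{'si':'IP klienta B na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
    'IP_VPNClient3': {'descriptions':{'si':'IP klienta C na VPN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': True},
    'IP_LANClient3': {'descriptions':{'si':'IP klienta C na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False},
    'IP_SimpleArbiterLAN': {'descriptions':{'si':'IP za SimpleArbiter na LAN'}, 'w': True, 'public': True, 'type': 'IP', 'generated': False}
}


def task(IP_SimpleArbiterLAN, IP_VPNClient1, IP_LANClient1,
         IP1_VPNClient2, IP2_VPNClient2, IP_LANClient2,
         IP_VPNClient3, IP_LANClient3):
    """Log in to A, B and C over SSH and capture the output of the probes.

    Each machine is reached on its LAN address with the fixed account
    test/test that the assignment text tells the student to create. The
    commands run are ifconfig, route, ping and (on A and C) traceroute
    against the VPN addresses of the other machines.

    Returns a dict mapping a result key (for example 'VPNClient1_route')
    to the raw text the session printed for that command.

    IP_SimpleArbiterLAN is accepted but not used here.

    NOTE(review): the test/test credentials are only acceptable on the
    isolated exercise networks; the three machines should not be reachable
    from anywhere else while that account exists.
    NOTE(review): the addresses are formatted into the remote command line
    unquoted. They are declared as type 'IP' in params_meta -- confirm they
    are validated as such before they reach this function.
    """
    # pxssh drives an interactive ssh session on a remote machine.
    from pexpect import pxssh

    # Everything task_check() needs in order to grade the setup.
    results = dict()
    # The login params (these must be used on the machines!)
    peer_user = 'test'
    peer_passwd = 'test'

    def collect(host, commands):
        """Run each (result key, command) pair on host and store the output."""
        session = pxssh.pxssh()
        session.login(host, peer_user, peer_passwd)
        try:
            for key, command in commands:
                session.sendline(command)
                session.prompt()
                results[key] = session.before
            session.logout()
        finally:
            # A failing command must not leave the ssh child behind.
            if not session.closed:
                session.close()

    # Commands for A (VPNClient1)
    collect(IP_LANClient1, [
        ('VPNClient1_ifconfig', '/sbin/ifconfig -a'),
        ('VPNClient1_route', '/sbin/route -n'),
        # ping both VPN addresses of B
        ('VPNClient1_ping1_C2', 'ping -c 3 {}'.format(IP1_VPNClient2)),
        ('VPNClient1_ping2_C2', 'ping -c 3 {}'.format(IP2_VPNClient2)),
        # ping and traceroute to C
        ('VPNClient1_ping_C3', 'ping -c 3 {}'.format(IP_VPNClient3)),
        ('VPNClient1_traceroute_C3', 'traceroute {}'.format(IP_VPNClient3)),
    ])

    # Commands for B (VPNClient2)
    collect(IP_LANClient2, [
        ('VPNClient2_ifconfig', '/sbin/ifconfig -a'),
        ('VPNClient2_route', '/sbin/route -n'),
        ('VPNClient2_ping_C1', 'ping -c 3 {}'.format(IP_VPNClient1)),
        ('VPNClient2_ping_C3', 'ping -c 3 {}'.format(IP_VPNClient3)),
    ])

    # Commands for C (VPNClient3)
    collect(IP_LANClient3, [
        ('VPNClient3_ifconfig', '/sbin/ifconfig -a'),
        ('VPNClient3_route', '/sbin/route -n'),
        ('VPNClient3_ping_C2', 'ping -c 3 {}'.format(IP2_VPNClient2)),
        # ping and traceroute to A
        ('VPNClient3_ping_C1', 'ping -c 3 {}'.format(IP_VPNClient1)),
        ('VPNClient3_traceroute_C1', 'traceroute {}'.format(IP_VPNClient1)),
    ])

    return results


def gen_params(user_id, params_meta):
    """Generate the four VPN addresses for one user.

    The generator is seeded with user_id, so the same user always gets the
    same values. A and B receive two addresses from one subnet drawn from
    10.70.0.0/16; C and B receive two from one drawn from 10.50.0.0/16.
    params_meta is accepted but not used.

    Relies on kpov_random_helpers being made available by the caller.
    """
    import random

    params = dict()
    r = random.Random(user_id)
    net = kpov_random_helpers.IPv4_subnet_gen(r, '10.70.0.0/16', 24)
    params['IP_VPNClient1'], params['IP1_VPNClient2'] = \
        kpov_random_helpers.IPv4_addr_gen(r, net, 2)
    net = kpov_random_helpers.IPv4_subnet_gen(r, '10.50.0.0/16', 24)
    params['IP_VPNClient3'], params['IP2_VPNClient2'] = \
        kpov_random_helpers.IPv4_addr_gen(r, net, 2)
    return params


def task_check(results, params):
    """Grade the output gathered by task() against the expected addresses.

    results maps result keys to captured command output; params holds the
    four VPN addresses. Returns (score, hints): an integer score and a list
    of messages naming the checks that failed.

    NOTE(review): every check is a regular-expression search over text that
    the student's own machines printed, so a pass shows that the output has
    the expected shape, not that the VPN is configured.
    """
    import re

    score = 0
    hints = []

    # Escape the addresses so that the dots match literally.
    ip_c1 = re.escape(params['IP_VPNClient1'])
    ip1_c2 = re.escape(params['IP1_VPNClient2'])
    ip2_c2 = re.escape(params['IP2_VPNClient2'])
    ip_c3 = re.escape(params['IP_VPNClient3'])

    def network_of(address):
        """Return the escaped address with its last octet replaced by 0."""
        return re.escape(address.rsplit('.', 1)[0] + '.0')

    ping_reply = r"64 bytes from {}: icmp_seq=[0-9]+ ttl=[0-9]+ time=\d+\.\d+ ms"

    # ifconfig tests
    # C1
    if re.search(r"tun0.*\n.*inet.*{}".format(ip_c1),
                 results['VPNClient1_ifconfig']):
        score += 1
    else:
        hints.append("ifconfig on VPNClient1 is not OK")
    # C2: both tunnel addresses have to show up
    ifconfig_c2 = results['VPNClient2_ifconfig']
    if (re.search(r"tun.*\n.*inet.*{}".format(ip1_c2), ifconfig_c2)
            and re.search(r"tun.*\n.*inet.*{}".format(ip2_c2), ifconfig_c2)):
        score += 1
    else:
        hints.append("ifconfig on VPNClient2 is not OK")
    # C3
    if re.search(r"tun0.*\n.*inet.*{}".format(ip_c3),
                 results['VPNClient3_ifconfig']):
        score += 1
    else:
        hints.append("ifconfig on VPNClient3 is not OK")

    # route tests
    # The columns of the route table are padded with spaces, so any run of
    # whitespace is accepted between the destination and the gateway.
    # C1: B is reachable through tun0, and C's network is routed via B
    route_c1 = results['VPNClient1_route']
    net_c3 = network_of(params['IP_VPNClient3'])
    if (re.search(r"{}.*tun0".format(ip1_c2), route_c1)
            and re.search(r"{}\s+{}.*tun0".format(net_c3, ip1_c2), route_c1)):
        score += 1
    else:
        hints.append("route on VPNClient1 is not OK")
    # C2: both A and C are reachable through a tunnel
    route_c2 = results['VPNClient2_route']
    if (re.search(r"{}.*tun".format(ip_c1), route_c2)
            and re.search(r"{}.*tun".format(ip_c3), route_c2)):
        score += 1
    else:
        hints.append("route on VPNClient2 is not OK")
    # C3: B is reachable through tun0, and A's network is routed via B
    route_c3 = results['VPNClient3_route']
    net_c1 = network_of(params['IP_VPNClient1'])
    if (re.search(r"{}.*tun0".format(ip2_c2), route_c3)
            and re.search(r"{}\s+{}.*tun0".format(net_c1, ip2_c2), route_c3)):
        score += 1
    else:
        hints.append("route on VPNClient3 is not OK")

    # ping tests, half a point each
    # C1
    if re.search(ping_reply.format(ip1_c2), results['VPNClient1_ping1_C2']):
        score += 0.5
    else:
        hints.append("ping from VPNClient1 to VPNClient2 is not OK")
    if re.search(ping_reply.format(ip_c3), results['VPNClient1_ping_C3']):
        score += 0.5
    else:
        hints.append("ping from VPNClient1 to VPNClient3 is not OK")
    # C2
    if re.search(ping_reply.format(ip_c1), results['VPNClient2_ping_C1']):
        score += 0.5
    else:
        hints.append("ping from VPNClient2 to VPNClient1 is not OK")
    if re.search(ping_reply.format(ip_c3), results['VPNClient2_ping_C3']):
        score += 0.5
    else:
        hints.append("ping from VPNClient2 to VPNClient3 is not OK")
    # C3
    if re.search(ping_reply.format(ip_c1), results['VPNClient3_ping_C1']):
        score += 0.5
    else:
        hints.append("ping from VPNClient3 to VPNClient1 is not OK")
    # Unlike the other ping checks, only the reply with icmp_seq=1 counts.
    rs = r"64 bytes from {}: icmp_seq=1 ttl=[0-9]+ time=\d+\.\d+ ms".format(ip2_c2)
    if re.search(rs, results['VPNClient3_ping_C2']):
        score += 0.5
    else:
        hints.append("ping from VPNClient3 to VPNClient2 is not OK")

    # traceroute tests: hop 1 has to be B, hop 2 the destination
    # C1
    trace_c1 = results['VPNClient1_traceroute_C3']
    if (re.search(r"1\s+{}".format(ip1_c2), trace_c1)
            and re.search(r"2\s+{}".format(ip_c3), trace_c1)):
        score += 1
    else:
        hints.append("traceroute from VPNClient1 to VPNClient3 is not OK")
    # C3
    trace_c3 = results['VPNClient3_traceroute_C1']
    if (re.search(r"1\s+{}".format(ip2_c2), trace_c3)
            and re.search(r"2\s+{}".format(ip_c1), trace_c3)):
        score += 1
    else:
        hints.append("traceroute from VPNClient3 to VPNClient1 is not OK")

    # The checks above add up to 11; a total above 10 is lowered by one.
    if score > 10:
        score -= 1
    score = int(score)
    return score, hints


def prepare_disks(templates, task_params, global_params):
    """Write the default configuration onto the simpleArbiterDhcp disk.

    task_params is accepted but not used. write_default_config is not
    defined in this file and has to be provided by the caller.
    """
    write_default_config(templates['simpleArbiterDhcp'], global_params)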