#!/usr/bin/env python # -*- coding: utf-8 -*- # kpov_random_helpers should be imported by add_assignment.py instructions = { 'si':u""" Postavi tri navidezne racunalnike - SimpleArbiter z diska SimpleArbiterVPN ter VPNClient1 in VPNClient2, ki jima nastavite pravilne mrežne nastavitve (medsebojna povezava in povezava na splet). Na vse racunalnike namestite OpenVPN in program za nadzor nad virtualnimi napravami (s katerim kreirate napravo tap). Na strežniku SimpleArbiterVPN že teče VPN strežnik, ki uporablja skrivnost, ki jo najdete tudi na VPNClient1. Na VPNClient1 vzpostavite VPN tako, da napišete primerno konf. datoteko. Nato poskrbite, da bo VPNClient1 na navideznem omrežju prek NFS omogočil dostop do imenika /home/tester/DIRNAME, pri čemer DIRNAME preberite na SimpleArbiter. V ta imenik skopirajte datoteke, ki so prek SMB dostopne na SimpleArbiter. """, 'en':u""" Setup three virtual machines - SimpleArbiterVPN and two VPN clients (VPNClient1, VPNClient2). Set both clients network cards so that they will have access to internal network and internet. Install OpenVPN to all three machines and a program for supervising virtual devices (which you will use to create device tap). Server SimpleArbiterVPN should generate a common secret (*.key), which you should save to /vpn directory and use on VPNClient together with configuration file for OpenVPN connection. After that make sure that VPNClient has enabled access to /home/test/DIRNAME over NFS on it's virtual connection. You will get IME_IMENIKA from SimpleArbiter. Copy files that should be available from AimpleArbiter over SMB to IME_IMENIKA. """ } computers = { # SimpleArbiter needs to have the package nmap installed # http://linux.die.net/man/1/nmap 'SimpleArbiter': { 'disks': [ { 'name': 'SimpleArbiterVPN', # attempt automount }, #{ 'name': 'CDROM', # 'options': {'readonly': True}, # 'parts': [{'dev': 'b1', 'path': '/cdrom'}], #}, ], 'network_interfaces': [ { 'network': 'test-net' }, { 'network': 'net1' } ], 'flavor': 'm1.tiny', 'config_drive': False }, 'VPNClient1': { 'disks': [ { 'name': 'VPNClient1', }, #{ 'name': 'CDROM', # 'options':{'readonly': True}, # 'parts': [],# no parts, no mounting. #} ], 'network_interfaces': [ { 'network': 'net1' } ], 'flavor': 'm1.tiny', 'config_drive': False }, 'VPNClient2': { 'disks': [ { 'name': 'VPNClient2', }, #{ 'name': 'CDROM', # 'options':{'readonly': True}, # 'parts': [],# no parts, no mounting. #} ], 'network_interfaces': [ { 'network': 'net1' } ], 'flavor': 'm1.tiny', 'config_drive': False } } networks = { 'test-net': { 'public': True }, # Used for the VPN tunnel 'net1': { 'public': False } } #Tukaj sem generiral tri parametre, prosil bi če se upoštevajo pri Tasku. params_meta = { 'IP_SimpleArbiterVPN': {'descriptions':{'si':'IP za SimpleArbiter'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, 'IP_VPNArbiter': {'descriptions':{'si':'IP za SimpleArbiter na VPN'}, 'w': False, 'public': False, 'type': 'IP', 'generated': True}, 'IP_VPNClient1': {'descriptions':{'si':'IP za 1. klienta'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, 'IP_VPNClient2': {'descriptions':{'si':'IP za 2. klienta'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, 'DIRNAME': {'descriptions':{'si':'Imenik, dostopen prek NFS'}, 'w': False, 'public': True, 'type': 'IP', 'generated': True}, 'secret_random_seed': {'descriptions':{'si':'Seme za skrivnost'}, 'w': False, 'public': False, 'type': None, 'generated': True}, } def task(IP_SimpleArbiterVPN, IP_VPNClient1, IP_VPNClient2, DIRNAME): import pxssh # Used to set up an SSH connection to a remote machine #import pexpect # Allows the script to spawn a child application and control it as if a human were typing commands # The necessary things we need to check if the task was performed correctly results = dict() # The login params (these must be used on the machines!) peer_user = 'student' peer_passwd = 'vaje' ### # Sets up the SSH connections to the machines ### # SimpleArbiter sA = pxssh.pxssh() # VPNClient1 sC1 = pxssh.pxssh() # VPNClient2 sC2 = pxssh.pxssh() # Logs in to the machines with the default login params sA.login( IP_SimpleArbiterVPN, peer_user, peer_passwd ) sC1.login( IP_VPNClient1, peer_user, peer_passwd ) sC2.login( IP_VPNClient2, peer_user, peer_passwd ) ###### # sA ###### # Check if the VPN is set up # Returns 1 if ok, else 0 sA.sendline('ls /sys/class/net/ | grep -ci "tap0"') sA.prompt() output = sA.before output.split('\n')[1] results['SimpleArbiter_is_VPN_set_up'] = output # Check if the VPN server is running # Returns 1 if ok, else 0 sA.sendline('ls /sys/class/net | grep -ci "tun0"') sA.prompt() output = sA.before output.split('\n')[1] results['SimpleArbiter_is_VPN_running'] = output # Pings each of the clients # 10.8.0.6 and 10.8.0.10 are the first two default addresses distributed by OpenVPN # Will output everything ping outputs (set to ping 3 times) sA.sendLine('ping -c 3 10.8.0.6') sA.prompt() output = sA.before results['SimpleArbiter_ping_C1'] = output sA.sendLine('ping -c 3 10.8.0.10') sA.prompt() output = sA.before results['SimpleArbiter_ping_C2'] = output ### # Check if both clients are connected to the correct VPN # (check if first 24 bits of IP addr are the same as the IP of the VPN server) ### # User must be root sA.sendline('id -u') sA.prompt() uid = sA.before.split('\n') uid = uid[1].rstrip() # If it isn't root if ( uid != "0" ): print "SimpleArbiter user must be root to continue with this step" # If it is, we continue else: # Check if nmap is installed sA.sendline('dpkg-query -W nmap') sA.prompt() lines = sA.before.split('\n') line = lines[1] # If it isn't if ( len(line.rstrip()) == 4 ): # returns "nmap\r\n" if package isn't installed print "Computer SimpleArbiter must have nmap installed" else: sA.sendline('') #sA.wait() # For some reason this hangs sA.expect(".*#") # Expecting a new line prompt (root's prompt ends with a #) # Run nmap on the VPN network sA.sendline('nmap -sP 10.8.0.0/24') sA.prompt() results['SimpleArbiter_nmap_results'] = sA.before # Checks if .key file is in the /vpn directory sA.sendline('ls /vpn | egrep "\.key"') sA.prompt() output = sA.before results['SimpleArbiter_dir_vpn_contents'] = output # Checks if NFS access control list allows directory /home/test/IME_IMENIKA sA.sendline('cat /etc/exports') sA.prompt() output = sA.before results['SimpleArbiter_nfs_access_control_list'] = output ###### # sC1 ###### # Ping the VPN server sC1.sendLine('ping -c 3 {0}'.format( IP_SimpleArbiterVPN )) sC1.prompt() output = sC1.before results['VPNClient1_ping_VPN_server'] = output ###### # sC2 ###### # Ping the VPN server sC2.sendLine('ping -c 3 {0}'.format( IP_SimpleArbiterVPN )) sC2.prompt() output = sC2.before results['VPNClient2_ping_VPN_server'] = output sA.logout() sC1.logout() sC2.logout() return results def gen_params(user_id, params_meta): params = dict() #Tukaj sem generiral te tri parametre (ime skupne skrivnosti je heidi ) #(ime imenika kjer naj bo shranjena skupna skrivnost naj bo openvpn) #(HASH bo naključno generiran niz iz user_id s katerim se bo preverjalo plagiatorstvo) import random r = random.Random(user_id) net = kpov_random_helpers.IPv4_subnet_gen(r, '10.168.0.0/16', 24) params['IP_VPNClient1'], params['IP_VPNClient2'], params['IP_VPNArbiter'] = kpov_random_helpers.IPv4_addr_gen(r, net, 3) params['DIRNAME'] = kpov_random_helpers.fname_gen(r, extension=False) params['secret_random_seed']=str(r.random()) return params def task_check(results, params): import re #nastavil score na 0 iz -9 score = 0 if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1: score += 3 if results['SimpleArbiter_VPN_is_set_up'] == 1: score += 3 if results['SimpleArbiter_VPN_is_running'] == 1: score +=3 #zal si se nisem prišla na jasno s pingi #if results['SimpleArbiter_ping_C1'] .find(Server:\t\t{0}\r'.format(params[]) if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1: score += 3 if re.search(r'eth0 +802-.*connected', results['NM_nmcli']): score += 2 if not re.search(r'eth0 +802-.*connected', results['static_nmcli']): score += 2 # to stran # score = 0 return score def prepare_disks(templates, params): #d = templates['simpleArbiterDhcp'] #guestmount -a d -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt #asistent je pocasnela :) import random r = random.Random(params['secret_random_seed']) s = "\n".join([ "".join([r.choice("0123456789abcdef") for i in xrange(16)]) for i in xrange(16)]) s = """-----BEGIN OpenVPN Static key V1----- {} -----END OpenVPN Static key V1----- """.format(s) keyfile = kpov_random_helpers.fname_gen(r, extension=False) + ".key" templates['SimpleArbiterVPN'].write("/etc/openvpn/secret.key", s) netaddr_s = """auto tap0 iface tap0 inet static address {} netmask 255.255.255.0 """.format(params['IP_VPNArbiter']) templates['SimpleArbiterVPN'].write_append("/etc/network/interfaces", netaddr_s) templates['VPNClient1'].write("/home/student/" + keyfile, s) templates['VPNClient1'].chown("student", "student", "/home/student/" + keyfile)