Optional password function added
This commit is contained in:
parent
f5aa131048
commit
93a88fc322
12
README.md
12
README.md
@ -9,7 +9,7 @@ The server awaits commands sent by the client. A command must be defined in the
|
||||
The authentication is done by an SSL Client Certificate signed by an (own generated) Certificate Authority. The scripts for generating a CA and signing a Server/Client Certificate are also in here to make it (relatively) easy. [ You need only to press enter in the most cases, type in some certificate information and entering a previously defined CA password. ]
|
||||
|
||||
## Pic or didn't happen
|
||||
![Screenshot of CircleArt](/img/dingScreenshot.png)
|
||||
![Screenshot of ding](/img/dingScreenshot.png)
|
||||
[Can't read a thing?](https://raw.githubusercontent.com/Bandie/ding/master/img/dingScreenshot.png)
|
||||
|
||||
## Installation
|
||||
@ -23,4 +23,14 @@ In all steps please read carefully what the certification generate scripts want
|
||||
6. Start the server using `./ding_server`. You may want to put this in a tmux session ([Ctrl+B, D] ;) ).
|
||||
7. Try out the client using `./ding_client <command>`.
|
||||
|
||||
## Optional: Cleartext password with timeout
|
||||
If you want to be sure that the ability of the remote connection won't be abused by bad people using your computer, you may want to add a password.
|
||||
|
||||
To do so:
|
||||
|
||||
1. Open your `ding_server.cfg`.
|
||||
2. Set `pw_on=true`.
|
||||
3. Set a password, like `password=abc def`.
|
||||
4. Set a password timeout: `pwtimeout=10` for 10 seconds.
|
||||
|
||||
If you have a password with special characters like spaces or something else, you might want to embrace the password in quotation marks, like `./ding_client "abc def"`.
|
||||
|
@ -44,6 +44,12 @@ def send(conn, cmd):
|
||||
elif(buf == b"ERR CMD_ERR"):
|
||||
print("Error. Server said: The command doesn't work because the file doesn't exist on the server.")
|
||||
exitcode = 2
|
||||
elif(buf == b"ERR PW"):
|
||||
print("Error. Password required. The password was wrong.")
|
||||
exitcode = 4
|
||||
elif(b"OK PW" in buf):
|
||||
bufr=str(buf.decode('utf-8'))
|
||||
print("Password accepted. Timeout:", bufr.replace("OK PW ",""), "seconds.")
|
||||
|
||||
else:
|
||||
conn.sendall(b"NO.")
|
||||
|
89
ding_server
89
ding_server
@ -3,7 +3,7 @@
|
||||
# Author: Bandie Canis
|
||||
# License: 2-Clause BSD license
|
||||
|
||||
import ssl, socket, subprocess, time
|
||||
import ssl, socket, subprocess, time, os
|
||||
import configparser
|
||||
|
||||
CONFIG = "ding_server.cfg"
|
||||
@ -12,29 +12,37 @@ def getTimestamp():
|
||||
t = "[" + time.strftime("%Y-%m-%d %H:%M:%S") + "]"
|
||||
return t
|
||||
|
||||
def execFromConfig(option):
|
||||
def execFromConfig(option, pw=False):
|
||||
cfg = configparser.SafeConfigParser()
|
||||
cfg.read(CONFIG)
|
||||
|
||||
try:
|
||||
cmd = cfg.get("Commands", option).replace("\"", "").replace("\'", "")
|
||||
cmd = cmd.split(" ")
|
||||
if(pw):
|
||||
if(option == password):
|
||||
return 4
|
||||
else:
|
||||
return 5
|
||||
|
||||
|
||||
else:
|
||||
|
||||
try:
|
||||
subprocess.Popen(cmd)
|
||||
return 0
|
||||
cmd = cfg.get("Commands", option).replace("\"", "").replace("\'", "")
|
||||
cmd = cmd.split(" ")
|
||||
try:
|
||||
subprocess.Popen(cmd)
|
||||
return 0
|
||||
|
||||
except FileNotFoundError:
|
||||
print(getTimestamp(), "Can't execute", cmd, ". File not found.")
|
||||
return 2
|
||||
except FileNotFoundError:
|
||||
print(getTimestamp(), "Can't execute", cmd, ". File not found.")
|
||||
return 2
|
||||
|
||||
except configparser.NoOptionError:
|
||||
print(getTimestamp(), "No execution set:", option)
|
||||
return 1
|
||||
except configparser.NoOptionError:
|
||||
print(getTimestamp(), "No execution set:", option)
|
||||
return 1
|
||||
|
||||
|
||||
|
||||
def main():
|
||||
|
||||
while True:
|
||||
newsocket, fromaddr = bindsocket.accept()
|
||||
try:
|
||||
@ -44,10 +52,16 @@ def main():
|
||||
|
||||
con_loop = True
|
||||
while con_loop:
|
||||
global tmppw_on, pw_on, pwtimeout
|
||||
if('timeout' in locals() and timeout<time.time()):
|
||||
del timeout
|
||||
tmppw_on=pw_on
|
||||
print(getTimestamp(), "Locked.")
|
||||
|
||||
try:
|
||||
buf = connstream.recv(1024)
|
||||
if not buf: break
|
||||
buf = buf.decode("utf-8").upper()
|
||||
buf = buf.decode("utf-8")
|
||||
except ssl.SSLEOFError:
|
||||
print(getTimestamp(), "SSL-EOF-Error.")
|
||||
con_loop = False
|
||||
@ -55,15 +69,29 @@ def main():
|
||||
print(getTimestamp(), "Connection reset.")
|
||||
serve()
|
||||
|
||||
print(getTimestamp(), " ", fromaddr[0], ": ", buf, sep="")
|
||||
|
||||
retval = execFromConfig(buf)
|
||||
if(retval == 0):
|
||||
connstream.send(b"OK CMD")
|
||||
elif(retval == 1):
|
||||
connstream.send(b"ERR NO_CMD")
|
||||
elif(retval == 2):
|
||||
connstream.send(b"ERR CMD_ERR")
|
||||
|
||||
if(tmppw_on):
|
||||
retval = execFromConfig(buf, True)
|
||||
if(retval == 5):
|
||||
print(getTimestamp(), " ", fromaddr[0], ": Wrong Password.", sep="")
|
||||
connstream.send(b"ERR PW")
|
||||
if(retval == 4):
|
||||
print(getTimestamp(), " ", fromaddr[0], ": Unlocked for ", pwtimeout, "sec.", sep="")
|
||||
pwokstr = "OK PW " + str(pwtimeout)
|
||||
connstream.send(bytes(pwokstr, "utf-8"))
|
||||
timeout=time.time() + pwtimeout
|
||||
tmppw_on = False
|
||||
|
||||
else:
|
||||
print(getTimestamp(), " ", fromaddr[0], ": ", buf, sep="")
|
||||
retval = execFromConfig(buf)
|
||||
if(retval == 0):
|
||||
connstream.send(b"OK CMD")
|
||||
elif(retval == 1):
|
||||
connstream.send(b"ERR NO_CMD")
|
||||
elif(retval == 2):
|
||||
connstream.send(b"ERR CMD_ERR")
|
||||
|
||||
|
||||
except ssl.SSLError as e:
|
||||
@ -74,7 +102,7 @@ def main():
|
||||
|
||||
def init():
|
||||
|
||||
global host, port, cafile, certfile, keyfile, context, bindsocket
|
||||
global host, port, cafile, certfile, keyfile, pw_on, password, pwtimeout, tmppw_on, context, bindsocket
|
||||
|
||||
cfg = configparser.SafeConfigParser()
|
||||
cfg.read(CONFIG)
|
||||
@ -85,6 +113,14 @@ def init():
|
||||
cafile=cfg.get("Security", "cafile").replace("\"","").replace("\'","")
|
||||
certfile=cfg.get("Security", "certfile").replace("\"","").replace("\'","")
|
||||
keyfile=cfg.get("Security", "keyfile").replace("\"","").replace("\'","")
|
||||
pw_on=cfg.get("Security", "pw_on").replace("\"","").replace("\'","")
|
||||
password=cfg.get("Security", "password").replace("\"","").replace("\'","")
|
||||
pwtimeout=int(cfg.get("Security", "pwtimeout").replace("\"","").replace("\'",""))
|
||||
if(pw_on.upper() == "TRUE"):
|
||||
pw_on = True
|
||||
else:
|
||||
pw_on = False
|
||||
tmppw_on=pw_on
|
||||
except configparser.NoOptionError as e:
|
||||
print("Error in configuration file:", e)
|
||||
quit(1)
|
||||
@ -120,9 +156,12 @@ def init():
|
||||
"\nCAFile: ", cafile,
|
||||
"\nCertfile: ", certfile,
|
||||
"\nKeyfile: ", keyfile,
|
||||
"\nPassword lock: ", pw_on,
|
||||
"\nPassword timeout: ", pwtimeout,
|
||||
"\n===========",
|
||||
sep="")
|
||||
|
||||
|
||||
|
||||
|
||||
if(__name__ == "__main__"):
|
||||
|
||||
|
@ -12,6 +12,21 @@ certfile=ding_server.crt
|
||||
# Server's private key
|
||||
keyfile=ding_server.key
|
||||
|
||||
## Optional cleartext password
|
||||
# To unlock the commands you need to send the password before sending the command.
|
||||
# Example:
|
||||
# $ ./ding_client "My password"
|
||||
# $ ./ding_client lock
|
||||
|
||||
# Password on? (true/false)
|
||||
pw_on=false
|
||||
|
||||
# Password (if you use spaces or other stuff you need to embrace the password in quotation marks, like ./ding_client "abc def"
|
||||
password=abc def
|
||||
|
||||
# Password timeout in seconds
|
||||
pwtimeout=10
|
||||
|
||||
|
||||
[Commands]
|
||||
# Syntax:
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 102 KiB |
Loading…
Reference in New Issue
Block a user