Compare commits
18 Commits
Author | SHA1 | Date |
---|---|---|
Bandie | d0db0a7d94 | |
Bandie | 384c7368b2 | |
Bandie | 63e52b8c3e | |
Bandie | 4622833ff5 | |
Bandie | 57fb2f7b99 | |
Bandie | 3e7f23ccd1 | |
Bandie | abf6a0f563 | |
Bandie | 6687604446 | |
Bandie | 1a3e532b29 | |
Bandie | 36dd610965 | |
Bandie | 2141418097 | |
Bandie | 6d24484430 | |
Bandie | 9b03d6f928 | |
Bandie | dc027362f0 | |
Bandie | 406accc716 | |
Bandie | 72c68cabde | |
Bandie | a7d27c5ee9 | |
Bandie | 600524809c |
|
@ -1,28 +1,28 @@
|
|||
#!/bin/bash
|
||||
|
||||
## Server private key
|
||||
echo -n "Where to save your server's key file? ($PWD/ding_server.key): "
|
||||
echo -n "Where to save your server's key file? ($PWD/dingd.key): "
|
||||
read temp
|
||||
|
||||
if [ -n "$temp" ]
|
||||
then
|
||||
save=$temp
|
||||
else
|
||||
save="$PWD/ding_server.key"
|
||||
save="$PWD/dingd.key"
|
||||
fi
|
||||
key=$save
|
||||
openssl genrsa -out $save 4096
|
||||
|
||||
|
||||
## CSR
|
||||
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/ding_server.csr): "
|
||||
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/dingd.csr): "
|
||||
read temp
|
||||
|
||||
if [ -n "$temp" ]
|
||||
then
|
||||
save=$temp
|
||||
else
|
||||
save="$PWD/ding_server.csr"
|
||||
save="$PWD/dingd.csr"
|
||||
fi
|
||||
csr=$save
|
||||
echo -e "\033[01;33mPlease enter some information. THEY MUST BE DIFFERENT FROM THE CA's INFORMATION.\033[00m"
|
||||
|
@ -50,14 +50,14 @@ else
|
|||
loadCAkey="$PWD/CA.key"
|
||||
fi
|
||||
|
||||
echo -n "Where to save your signed server certificate? ($PWD/ding_server.crt): "
|
||||
echo -n "Where to save your signed server certificate? ($PWD/dingd.crt): "
|
||||
read temp
|
||||
|
||||
if [ -n "$temp" ]
|
||||
then
|
||||
save=$temp
|
||||
else
|
||||
save="$PWD/ding_server.crt"
|
||||
save="$PWD/dingd.crt"
|
||||
fi
|
||||
|
||||
echo -n "How many days should the certificate be valid? (365): "
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
#!/bin/bash
|
||||
|
||||
## Server private key
|
||||
echo -n "Where to save your client's key file? ($PWD/ding_client.key): "
|
||||
echo -n "Where to save your client's key file? ($PWD/ding.key): "
|
||||
read temp
|
||||
|
||||
if [ -n "$temp" ]
|
||||
then
|
||||
save=$temp
|
||||
else
|
||||
save="$PWD/ding_client.key"
|
||||
save="$PWD/ding.key"
|
||||
fi
|
||||
key=$save
|
||||
openssl genrsa -out $save 4096
|
||||
|
||||
|
||||
## CSR
|
||||
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/ding_client.csr): "
|
||||
echo -n "Where to save your Certificate Signing Request (CSR)? ($PWD/ding.csr): "
|
||||
read temp
|
||||
|
||||
if [ -n "$temp" ]
|
||||
then
|
||||
save=$temp
|
||||
else
|
||||
save="$PWD/ding_client.csr"
|
||||
save="$PWD/ding.csr"
|
||||
fi
|
||||
csr=$save
|
||||
echo -e "\033[01;33mPlease enter some information. THEY MUST BE DIFFERENT FROM THE CA's AND SERVER's INFORMATION.\033[00m"
|
||||
|
@ -50,14 +50,14 @@ else
|
|||
loadCAkey="$PWD/CA.key"
|
||||
fi
|
||||
|
||||
echo -n "Where to save your signed client certificate? ($PWD/ding_client.crt): "
|
||||
echo -n "Where to save your signed client certificate? ($PWD/ding.crt): "
|
||||
read temp
|
||||
|
||||
if [ -n "$temp" ]
|
||||
then
|
||||
save=$temp
|
||||
else
|
||||
save="$PWD/ding_client.crt"
|
||||
save="$PWD/ding.crt"
|
||||
fi
|
||||
|
||||
echo -n "How many days should the certificate be valid? (365): "
|
||||
|
|
2
LICENSE
2
LICENSE
|
@ -1,6 +1,6 @@
|
|||
BSD 2-Clause License
|
||||
|
||||
Copyright (c) 2017, Bandie Canis
|
||||
Copyright (c) 2017, Bandie <bandie@chaospott.de>
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
|
|
21
README.md
21
README.md
|
@ -12,8 +12,7 @@ The authentication is done via a SSL Client Certificate signed by an (self gener
|
|||
|
||||
|
||||
## Pic or didn't happen
|
||||
![Screenshot of ding](/img/dingScreenshot.png)
|
||||
[Can't read a thing?](https://raw.githubusercontent.com/Bandie/ding/master/img/dingScreenshot.png)
|
||||
![Screenshot of ding](https://git.chaospott.de/Bandie/ding/raw/branch/master/img/dingScreenshot.png)
|
||||
|
||||
|
||||
## Requirements
|
||||
|
@ -28,13 +27,15 @@ Step 1 to 3 can only be run on UNIX or GNU/Linux.
|
|||
1. Run `./1_generateCA.sh` to generate a CA.
|
||||
2. Run `./2_generateServCert.sh` to generate a signed Server Certificate.
|
||||
3. Run `./3_generateClientCert.sh` to generate a signed Client Certificate.
|
||||
4. Move `ding_client`, `ding_client.cfg`, `ding_client.crt`, `ding_client.key` and `CA.crt` to the computer which should be able to send commands to the server.
|
||||
* UNIX or GNU/Linux: Also move `ding_client.cfg` to that computer.
|
||||
* Windows: Also move `ding_client.win.cfg` to that computer.
|
||||
5. Do some configuration on the server and client (`ding_server.cfg`, `ding_client.cfg` or `ding_server.win.cfg`, `ding_client.win.cfg` on Windows).
|
||||
6. Start the server using `./ding_server` or `python .\ding_server` on Windows. (You may want to put this in a tmux session. [Ctrl+B, D] ;) ).
|
||||
7. Try out the client using `./ding_client <command>` òr `python .\ding_client <command>` on Windows.
|
||||
4. Move `ding`, `ding.cfg`, `ding.crt`, `ding.key` and `CA.crt` to the computer which should be able to send commands to the server.
|
||||
* UNIX or GNU/Linux: Also move `ding.cfg` to that computer.
|
||||
* Windows: Also move `ding.win.cfg` to that computer.
|
||||
5. Do some configuration on the server and client (`dingd.cfg`, `ding.cfg` or `dingd.win.cfg`, `ding.win.cfg` on Windows).
|
||||
6. Start the server using `./dingd` or `python .\dingd` on Windows. (You may want to put this in a tmux session. [Ctrl+B, D] ;) ).
|
||||
7. Try out the client using `./ding <command>` òr `python .\ding <command>` on Windows.
|
||||
|
||||
### A word about the commands
|
||||
It works much better to use (bash) scripts instead of executing the commands directly.
|
||||
|
||||
## Optional: Cleartext password with timeout
|
||||
If you want to be sure that this power won't be abused by bad people using your computer, you may want to add a password (saved in cleartext).
|
||||
|
@ -45,9 +46,9 @@ You might want to do something like `$ history -c` after sending the password vi
|
|||
|
||||
### How to enable the password
|
||||
|
||||
1. Open your `ding_server.cfg` or `ding_server.win.cfg`.
|
||||
1. Open your `dingd.cfg` or `dingd.win.cfg`.
|
||||
2. Set `pw_on=true`.
|
||||
3. Set a password, like `password=abc def`.
|
||||
4. Set a password timeout: `pwtimeout=10` for 10 seconds.
|
||||
|
||||
If you have a password with special characters as in spaces and the like, you may want to use quotation marks around your password. `./ding_client "abc def"` or `python .\ding_client "abc def"` on Windows.
|
||||
If you have a password with special characters as in spaces and the like, you may want to use quotation marks around your password. `./ding "abc def"` or `python .\ding "abc def"` on Windows.
|
||||
|
|
|
@ -3,26 +3,32 @@
|
|||
# Author: Bandie Canis
|
||||
# License: 2-Clause BSD License
|
||||
|
||||
import sys, ssl, socket, os
|
||||
import sys, ssl, socket, os, getopt
|
||||
import configparser
|
||||
|
||||
|
||||
global exitcode
|
||||
host = None
|
||||
port = 0
|
||||
cafile = None
|
||||
certfile = None
|
||||
keyfile = None
|
||||
exitcode = 1
|
||||
|
||||
def readConfig():
|
||||
def init(conf):
|
||||
|
||||
if(os.name == 'nt'):
|
||||
CONFIG = "ding_client.win.cfg"
|
||||
if(conf == None):
|
||||
if(os.name == 'nt'):
|
||||
CONFIG = "ding.win.cfg"
|
||||
else:
|
||||
CONFIG = "ding.cfg"
|
||||
else:
|
||||
CONFIG = "ding_client.cfg"
|
||||
CONFIG = conf
|
||||
|
||||
cfg = configparser.SafeConfigParser()
|
||||
cfg = configparser.ConfigParser()
|
||||
try:
|
||||
cfg.read(CONFIG)
|
||||
|
||||
global host, port, cafile, certfile, keyfile
|
||||
|
||||
host = cfg.get("Client", "host")
|
||||
port = int(cfg.get("Client", "port"))
|
||||
|
||||
|
@ -30,7 +36,7 @@ def readConfig():
|
|||
certfile = cfg.get("Client", "certfile")
|
||||
keyfile = cfg.get("Client", "keyfile")
|
||||
except configparser.NoSectionError:
|
||||
print("No suitable config found. Expecting some config in", CONFIG)
|
||||
print("No suitable config found. Expecting some config in", CONFIG, file=sys.stderr)
|
||||
quit(3)
|
||||
|
||||
|
||||
|
@ -38,7 +44,7 @@ def send(conn, cmd):
|
|||
|
||||
conn.connect((host, port))
|
||||
buf = conn.recv(1024)
|
||||
if(buf == b"OK 1337\n"):
|
||||
if(buf == b"OK 1337\n"):
|
||||
conn.sendall(cmd)
|
||||
buf = conn.recv(1024)
|
||||
if(buf == b"OK CMD"):
|
||||
|
@ -47,10 +53,10 @@ def send(conn, cmd):
|
|||
print("Error. Server said: The command isn't set on the server.", file=sys.stderr)
|
||||
exitcode = 1
|
||||
elif(buf == b"ERR CMD_ERR"):
|
||||
print("Error. Server said: The command doesn't work because the file doesn't exist on the server.")
|
||||
print("Error. Server said: The command doesn't work because the file doesn't exist on the server.", file=sys.stderr)
|
||||
exitcode = 2
|
||||
elif(buf == b"ERR PW"):
|
||||
print("Error. Password required. The password was wrong.")
|
||||
print("Error. Password required. The password was wrong.", file=sys.stderr)
|
||||
exitcode = 4
|
||||
elif(b"OK PW" in buf):
|
||||
bufr=str(buf.decode('utf-8'))
|
||||
|
@ -61,10 +67,10 @@ def send(conn, cmd):
|
|||
print("The server seems to be crazy. Nothing sent.", file=sys.stderr)
|
||||
|
||||
conn.close()
|
||||
quit(exitcode)
|
||||
|
||||
|
||||
|
||||
def main():
|
||||
def main(arg):
|
||||
try:
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
|
@ -82,7 +88,7 @@ def main():
|
|||
|
||||
|
||||
try:
|
||||
send(conn, bytes(sys.argv[1], sys.stdin.encoding))
|
||||
send(conn, bytes(arg[0], sys.stdin.encoding))
|
||||
except IndexError:
|
||||
print(sys.argv[0], ": Missing argument.\nSyntax: ", sys.argv[0], " <COMMAND>", file=sys.stderr)
|
||||
except ConnectionRefusedError:
|
||||
|
@ -95,7 +101,16 @@ def main():
|
|||
|
||||
|
||||
if(__name__ == "__main__"):
|
||||
readConfig()
|
||||
main()
|
||||
quit(exitcode)
|
||||
try:
|
||||
conf = None
|
||||
opts, args = getopt.getopt(sys.argv[1:], "c:")
|
||||
for o, a in opts:
|
||||
if o == "-c":
|
||||
conf = a
|
||||
init(conf)
|
||||
main(args)
|
||||
except getopt.GetoptError as e:
|
||||
print("Error using options. Allowed options:\n-c [FILE] - Config file\n")
|
||||
quit(2)
|
||||
|
||||
quit(exitcode)
|
|
@ -5,6 +5,6 @@ port=13573
|
|||
|
||||
cafile=CA.crt
|
||||
#Client Certificate/key signed by the CA above
|
||||
certfile=ding_client.crt
|
||||
keyfile=ding_client.key
|
||||
certfile=ding.crt
|
||||
keyfile=ding.key
|
||||
|
|
@ -5,6 +5,6 @@ port=13573
|
|||
|
||||
cafile=CA.crt
|
||||
#Client Certificate/key signed by the CA above
|
||||
certfile=ding_client.crt
|
||||
keyfile=ding_client.key
|
||||
certfile=ding.crt
|
||||
keyfile=ding.key
|
||||
|
|
@ -3,24 +3,37 @@
|
|||
# Author: Bandie Canis
|
||||
# License: 2-Clause BSD license
|
||||
|
||||
import ssl, socket, subprocess, time, os
|
||||
import ssl, socket, subprocess, time, os, sys, getopt
|
||||
import configparser
|
||||
|
||||
CONFIG = None
|
||||
host = None
|
||||
port = 0
|
||||
cafile = None
|
||||
certfile = None
|
||||
keyfile = None
|
||||
pw_on = None
|
||||
password = None
|
||||
pwtimeout = 30
|
||||
tmppw_on = None
|
||||
context = None
|
||||
bindsocket = None
|
||||
|
||||
|
||||
|
||||
def getTimestamp():
|
||||
t = "[" + time.strftime("%Y-%m-%d %H:%M:%S") + "]"
|
||||
return t
|
||||
|
||||
def execFromConfig(option, pw=False):
|
||||
cfg = configparser.SafeConfigParser()
|
||||
cfg.read(CONFIG)
|
||||
cfg = configparser.ConfigParser()
|
||||
cfg.read(CONFIG)
|
||||
|
||||
if(pw):
|
||||
if(option == password):
|
||||
return 4
|
||||
else:
|
||||
return 5
|
||||
|
||||
|
||||
else:
|
||||
|
||||
|
@ -39,16 +52,14 @@ def execFromConfig(option, pw=False):
|
|||
print(getTimestamp(), "No execution set:", option)
|
||||
return 1
|
||||
|
||||
|
||||
|
||||
def main():
|
||||
while True:
|
||||
newsocket, fromaddr = bindsocket.accept()
|
||||
try:
|
||||
connstream = context.wrap_socket(newsocket, server_side=True)
|
||||
connstream = context.wrap_socket(newsocket, server_side=True)
|
||||
print(getTimestamp(), "Incoming connection:", fromaddr[0])
|
||||
connstream.send(b"OK 1337\n")
|
||||
|
||||
|
||||
con_loop = True
|
||||
while con_loop:
|
||||
global tmppw_on, pw_on, pwtimeout
|
||||
|
@ -56,7 +67,7 @@ def main():
|
|||
del timeout
|
||||
tmppw_on=pw_on
|
||||
print(getTimestamp(), "Locked.")
|
||||
|
||||
|
||||
try:
|
||||
buf = connstream.recv(1024)
|
||||
if not buf: break
|
||||
|
@ -67,9 +78,7 @@ def main():
|
|||
except ConnectionResetError:
|
||||
print(getTimestamp(), "Connection reset.")
|
||||
serve()
|
||||
|
||||
|
||||
|
||||
if(tmppw_on):
|
||||
retval = execFromConfig(buf, True)
|
||||
if(retval == 5):
|
||||
|
@ -81,7 +90,7 @@ def main():
|
|||
connstream.send(bytes(pwokstr, "utf-8"))
|
||||
timeout=time.time() + pwtimeout
|
||||
tmppw_on = False
|
||||
|
||||
|
||||
else:
|
||||
print(getTimestamp(), " ", fromaddr[0], ": ", buf, sep="")
|
||||
retval = execFromConfig(buf)
|
||||
|
@ -91,7 +100,6 @@ def main():
|
|||
connstream.send(b"ERR NO_CMD")
|
||||
elif(retval == 2):
|
||||
connstream.send(b"ERR CMD_ERR")
|
||||
|
||||
|
||||
except ssl.SSLError as e:
|
||||
print(getTimestamp(), e)
|
||||
|
@ -99,16 +107,19 @@ def main():
|
|||
except EOFError:
|
||||
print(getTimestamp(), "EOF")
|
||||
|
||||
def init():
|
||||
def init(cfg=None):
|
||||
|
||||
global CONFIG, host, port, cafile, certfile, keyfile, pw_on, password, pwtimeout, tmppw_on, context, bindsocket
|
||||
|
||||
if(os.name == 'nt'):
|
||||
CONFIG = "ding_server.win.cfg"
|
||||
else:
|
||||
CONFIG = "ding_server.cfg"
|
||||
|
||||
cfg = configparser.SafeConfigParser()
|
||||
if(cfg==None):
|
||||
if(os.name == 'nt'):
|
||||
CONFIG = "dingd.win.cfg"
|
||||
else:
|
||||
CONFIG = "dingd.cfg"
|
||||
else:
|
||||
CONFIG = cfg
|
||||
|
||||
cfg = configparser.ConfigParser()
|
||||
cfg.read(CONFIG)
|
||||
|
||||
try:
|
||||
|
@ -125,11 +136,10 @@ def init():
|
|||
else:
|
||||
pw_on = False
|
||||
tmppw_on=pw_on
|
||||
except configparser.NoOptionError as e:
|
||||
print("Error in configuration file:", e)
|
||||
except configparser.NoSectionError as e:
|
||||
print("Error in configuration file:", e, file=sys.stderr)
|
||||
quit(1)
|
||||
|
||||
|
||||
try:
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cafile)
|
||||
context.load_cert_chain(certfile=certfile, keyfile=keyfile)
|
||||
|
@ -155,11 +165,11 @@ def init():
|
|||
except PermissionError:
|
||||
print("Error: Can't bind for port number ", port, ". Permission denied.", sep="")
|
||||
quit(1)
|
||||
|
||||
print("Running ding server on ", host, ":", port,
|
||||
|
||||
print("Running dingd on ", host, ":", port,
|
||||
"\nConfig: ", CONFIG,
|
||||
"\nCAFile: ", cafile,
|
||||
"\nCertfile: ", certfile,
|
||||
"\nCAFile: ", cafile,
|
||||
"\nCertfile: ", certfile,
|
||||
"\nKeyfile: ", keyfile,
|
||||
"\nPassword lock: ", pw_on,
|
||||
"\nPassword timeout: ", pwtimeout,
|
||||
|
@ -169,10 +179,17 @@ def init():
|
|||
|
||||
|
||||
if(__name__ == "__main__"):
|
||||
|
||||
try:
|
||||
init()
|
||||
conf = None
|
||||
opts, args = getopt.getopt(sys.argv[1:], "c:")
|
||||
for o, a in opts:
|
||||
if o == "-c":
|
||||
conf = a
|
||||
init(conf)
|
||||
main()
|
||||
except getopt.GetoptError as e:
|
||||
print("Error using options. Allowed options:\n-c [FILE] - Config file\n")
|
||||
quit(2)
|
||||
except KeyboardInterrupt:
|
||||
print("\r\rServer stopped.")
|
||||
|
|
@ -7,10 +7,10 @@ port=13573
|
|||
cafile=CA.crt
|
||||
|
||||
# Server's certificate [signed by the CA above]
|
||||
certfile=ding_server.crt
|
||||
certfile=dingd.crt
|
||||
|
||||
# Server's private key
|
||||
keyfile=ding_server.key
|
||||
keyfile=dingd.key
|
||||
|
||||
## Optional cleartext password
|
||||
# To unlock the commands you need to send the password before sending the command.
|
|
@ -7,10 +7,10 @@ port=13573
|
|||
cafile=CA.crt
|
||||
|
||||
# Server's certificate [signed by the CA above]
|
||||
certfile=ding_server.crt
|
||||
certfile=dingd.crt
|
||||
|
||||
# Server's private key
|
||||
keyfile=ding_server.key
|
||||
keyfile=dingd.key
|
||||
|
||||
## Optional cleartext password
|
||||
# To unlock the commands you need to send the password before sending the command.
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=dingd Service
|
||||
|
||||
[Service]
|
||||
ExecStart=/root/ding/dingd -c /path/to/config/file/dingd.cfg
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
Loading…
Reference in New Issue