Browse Source

Optional password function added

pull/1/head
Bandie Canis 4 years ago
parent
commit
93a88fc322
  1. 12
      README.md
  2. 6
      ding_client
  3. 91
      ding_server
  4. 15
      ding_server.cfg
  5. BIN
      img/dingScreenshot.png

12
README.md

@ -9,7 +9,7 @@ The server awaits commands sent by the client. A command must be defined in the
The authentication is done by an SSL Client Certificate signed by an (own generated) Certificate Authority. The scripts for generating a CA and signing a Server/Client Certificate are also in here to make it (relatively) easy. [ You need only to press enter in the most cases, type in some certificate information and entering a previously defined CA password. ]
## Pic or didn't happen
![Screenshot of CircleArt](/img/dingScreenshot.png)
![Screenshot of ding](/img/dingScreenshot.png)
[Can't read a thing?](https://raw.githubusercontent.com/Bandie/ding/master/img/dingScreenshot.png)
## Installation
@ -23,4 +23,14 @@ In all steps please read carefully what the certification generate scripts want
6. Start the server using `./ding_server`. You may want to put this in a tmux session ([Ctrl+B, D] ;) ).
7. Try out the client using `./ding_client <command>`.
## Optional: Cleartext password with timeout
If you want to be sure that the ability of the remote connection won't be abused by bad people using your computer, you may want to add a password.
To do so:
1. Open your `ding_server.cfg`.
2. Set `pw_on=true`.
3. Set a password, like `password=abc def`.
4. Set a password timeout: `pwtimeout=10` for 10 seconds.
If you have a password with special characters like spaces or something else, you might want to embrace the password in quotation marks, like `./ding_client "abc def"`.

6
ding_client

@ -44,6 +44,12 @@ def send(conn, cmd):
elif(buf == b"ERR CMD_ERR"):
print("Error. Server said: The command doesn't work because the file doesn't exist on the server.")
exitcode = 2
elif(buf == b"ERR PW"):
print("Error. Password required. The password was wrong.")
exitcode = 4
elif(b"OK PW" in buf):
bufr=str(buf.decode('utf-8'))
print("Password accepted. Timeout:", bufr.replace("OK PW ",""), "seconds.")
else:
conn.sendall(b"NO.")

91
ding_server

@ -3,7 +3,7 @@
# Author: Bandie Canis
# License: 2-Clause BSD license
import ssl, socket, subprocess, time
import ssl, socket, subprocess, time, os
import configparser
CONFIG = "ding_server.cfg"
@ -12,29 +12,37 @@ def getTimestamp():
t = "[" + time.strftime("%Y-%m-%d %H:%M:%S") + "]"
return t
def execFromConfig(option):
def execFromConfig(option, pw=False):
cfg = configparser.SafeConfigParser()
cfg.read(CONFIG)
try:
cmd = cfg.get("Commands", option).replace("\"", "").replace("\'", "")
cmd = cmd.split(" ")
if(pw):
if(option == password):
return 4
else:
return 5
else:
try:
subprocess.Popen(cmd)
return 0
cmd = cfg.get("Commands", option).replace("\"", "").replace("\'", "")
cmd = cmd.split(" ")
try:
subprocess.Popen(cmd)
return 0
except FileNotFoundError:
print(getTimestamp(), "Can't execute", cmd, ". File not found.")
return 2
except FileNotFoundError:
print(getTimestamp(), "Can't execute", cmd, ". File not found.")
return 2
except configparser.NoOptionError:
print(getTimestamp(), "No execution set:", option)
return 1
except configparser.NoOptionError:
print(getTimestamp(), "No execution set:", option)
return 1
def main():
while True:
newsocket, fromaddr = bindsocket.accept()
try:
@ -44,10 +52,16 @@ def main():
con_loop = True
while con_loop:
global tmppw_on, pw_on, pwtimeout
if('timeout' in locals() and timeout<time.time()):
del timeout
tmppw_on=pw_on
print(getTimestamp(), "Locked.")
try:
buf = connstream.recv(1024)
if not buf: break
buf = buf.decode("utf-8").upper()
buf = buf.decode("utf-8")
except ssl.SSLEOFError:
print(getTimestamp(), "SSL-EOF-Error.")
con_loop = False
@ -55,15 +69,29 @@ def main():
print(getTimestamp(), "Connection reset.")
serve()
print(getTimestamp(), " ", fromaddr[0], ": ", buf, sep="")
retval = execFromConfig(buf)
if(retval == 0):
connstream.send(b"OK CMD")
elif(retval == 1):
connstream.send(b"ERR NO_CMD")
elif(retval == 2):
connstream.send(b"ERR CMD_ERR")
if(tmppw_on):
retval = execFromConfig(buf, True)
if(retval == 5):
print(getTimestamp(), " ", fromaddr[0], ": Wrong Password.", sep="")
connstream.send(b"ERR PW")
if(retval == 4):
print(getTimestamp(), " ", fromaddr[0], ": Unlocked for ", pwtimeout, "sec.", sep="")
pwokstr = "OK PW " + str(pwtimeout)
connstream.send(bytes(pwokstr, "utf-8"))
timeout=time.time() + pwtimeout
tmppw_on = False
else:
print(getTimestamp(), " ", fromaddr[0], ": ", buf, sep="")
retval = execFromConfig(buf)
if(retval == 0):
connstream.send(b"OK CMD")
elif(retval == 1):
connstream.send(b"ERR NO_CMD")
elif(retval == 2):
connstream.send(b"ERR CMD_ERR")
except ssl.SSLError as e:
@ -74,7 +102,7 @@ def main():
def init():
global host, port, cafile, certfile, keyfile, context, bindsocket
global host, port, cafile, certfile, keyfile, pw_on, password, pwtimeout, tmppw_on, context, bindsocket
cfg = configparser.SafeConfigParser()
cfg.read(CONFIG)
@ -85,6 +113,14 @@ def init():
cafile=cfg.get("Security", "cafile").replace("\"","").replace("\'","")
certfile=cfg.get("Security", "certfile").replace("\"","").replace("\'","")
keyfile=cfg.get("Security", "keyfile").replace("\"","").replace("\'","")
pw_on=cfg.get("Security", "pw_on").replace("\"","").replace("\'","")
password=cfg.get("Security", "password").replace("\"","").replace("\'","")
pwtimeout=int(cfg.get("Security", "pwtimeout").replace("\"","").replace("\'",""))
if(pw_on.upper() == "TRUE"):
pw_on = True
else:
pw_on = False
tmppw_on=pw_on
except configparser.NoOptionError as e:
print("Error in configuration file:", e)
quit(1)
@ -120,9 +156,12 @@ def init():
"\nCAFile: ", cafile,
"\nCertfile: ", certfile,
"\nKeyfile: ", keyfile,
"\nPassword lock: ", pw_on,
"\nPassword timeout: ", pwtimeout,
"\n===========",
sep="")
if(__name__ == "__main__"):

15
ding_server.cfg

@ -12,6 +12,21 @@ certfile=ding_server.crt
# Server's private key
keyfile=ding_server.key
## Optional cleartext password
# To unlock the commands you need to send the password before sending the command.
# Example:
# $ ./ding_client "My password"
# $ ./ding_client lock
# Password on? (true/false)
pw_on=false
# Password (if you use spaces or other stuff you need to embrace the password in quotation marks, like ./ding_client "abc def"
password=abc def
# Password timeout in seconds
pwtimeout=10
[Commands]
# Syntax:

BIN
img/dingScreenshot.png

Before

Width: 1365  |  Height: 747  |  Size: 24 KiB

After

Width: 1365  |  Height: 749  |  Size: 102 KiB

Loading…
Cancel
Save