summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--contrib/peer2anonet/README38
-rw-r--r--contrib/peer2anonet/peer2anonet130
2 files changed, 120 insertions, 48 deletions
diff --git a/contrib/peer2anonet/README b/contrib/peer2anonet/README
index 3ddecd5..8d4e73d 100644
--- a/contrib/peer2anonet/README
+++ b/contrib/peer2anonet/README
@@ -7,6 +7,8 @@
SYNOPSIS:
peer2anonet
+ -OR-
+ peer2anonet < autoconfig
DESCRIPTION:
@@ -50,6 +52,31 @@ INSTALL AND UNINSTALL:
make install-deb
+USAGE:
+ You may execute peer2anonet and answer configuration questions
+ via interface or pipe a file containing the new peering
+ session's specifications to the executable. peer2anonet has
+ some security checks but it is highly recommended you check
+ a autoconfig file manually before using to prevent malicious
+ attacks. An autoconfig file should be in the following format:
+ Plain text file, one block of data per line, no spaces, and
+ without including the following '<-- comments'.
+
+================== Not Actual Line on File ============================
+anon <--your peer's alias
+1.2.3.0 <--your new anonet network address
+1.2.3.1 <--your new anonet router address
+1.2.3.2 <--your new anonet ip
+1001 <--your new anonet client port
+1230 <--you new asn
+11.22.33.44 <--your peer's remote ip
+3.5.7.9 <--your peer's anonet ip
+3571 <--your peer's client port
+3570 <--your peer's asn
+3c6e0b8a9c15224a8228b9a98ca1531d <--your peer's public key
+================== Not Actual Line on File ============================
+
+
CHANGES:
Sat Jul 9 06:48:58 CDT 2011 - d3v1150m471c
* quicktun's "EXPORT DEBUG=1" removed on peering script.
@@ -63,4 +90,15 @@ CHANGES:
* bash added to dependencies
* file tests with mkdir changed to `mkdir -p`... .
* peering file removed, passes directly to run file now.
+
+ Sun Jul 10 05:47:22 CDT 2011 - d3v1150m471c
+ * makefile changed to Makefile
+ * parse quicktun.keypair</dev/random directly to seckey variable.
+ * removed y/n questions with file tests and automatic
+ configuration.
+ * README file updated
+ * ported for autoconfig file pipes
+ * some security checks created
+
+
diff --git a/contrib/peer2anonet/peer2anonet b/contrib/peer2anonet/peer2anonet
index 9e4d8de..a3a7b4d 100644
--- a/contrib/peer2anonet/peer2anonet
+++ b/contrib/peer2anonet/peer2anonet
@@ -2,7 +2,7 @@
#########################################################################
# We need to check for root privileges:
if [[ $(id -u) != 0 ]]; then
- echo "peer2anonet: error: root priviliges required."
+ echo "peer2anonet: error: root privileges required."
exit 1
fi
@@ -13,10 +13,16 @@ mkdir -p /services/bird
mkdir -p /service
#########################################################################
-# See if we need new keys:
-read -p "Would you like to generate new keys? [y/n]: " ASK
-[[ $ASK == *y* ]] && quicktun.keypair</dev/random && echo
-[[ $ASK == *Y* ]] && quicktun.keypair</dev/random && echo
+# Generate new keys:
+KEYS=`quicktun.keypair</dev/random`
+SECKEY=`echo $KEYS | head -1`
+YPUBKEY=`echo $KEYS | head -2 | tail -1`
+echo "
+peer2anonet: your public key is:
+
+$YPUBKEY
+
+"
#########################################################################
# We need to get info for the new peering and BGP session:
@@ -30,10 +36,70 @@ read -p "Enter your peer remote ip: " REMOTEIP
read -p "Enter your peer anonet ip: " PEERIP
read -p "Enter your peer remote port: " PEERPORT
read -p "Enter your peer asn: " PEERASN
-read -p "Enter your secret key: " SECKEY
read -p "Enter your peer's public key: " PUBKEY
#########################################################################
+# Do some security checks on variables:
+TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP
+TEST[4]=$YOURPORT; TEST[5]=$YOURASN; TEST[6]=$REMOTEIP; TEST[7]=$PEERIP
+ TEST[8]=$PEERPORT; TEST[9]=$PEERASN
+
+SECURE() {
+ echo "peer2anonet: error: possible malicious code detected"
+ echo "offending data: $CHECK"
+ exit 1
+ }
+
+
+for CHECK in ${TEST[@]}; do
+[[ $CHECK == *'rm '* ]] && SECURE
+[[ $CHECK == *'mail '* ]] && SECURE
+[[ $CHECK == *'cp '* ]] && SECURE
+[[ $CHECK == *'mv '* ]] && SECURE
+[[ $CHECK == *'ipconfig'* ]] && SECURE
+[[ $CHECK == *'iwconfig'* ]] && SECURE
+[[ $CHECK == *'ping '* ]] && SECURE
+[[ $CHECK == *'make '* ]] && SECURE
+[[ $CHECK == *'install'* ]] && SECURE
+[[ $CHECK == *'uninstall'* ]] && SECURE
+[[ $CHECK == *'map '* ]] && SECURE
+[[ $CHECK == *'su '* ]] && SECURE
+[[ $CHECK == *'sudo'* ]] && SECURE
+[[ $CHECK == *'$'* ]] && SECURE
+[[ $CHECK == *'!'* ]] && SECURE
+[[ $CHECK == *'echo'* ]] && SECURE
+[[ $CHECK == *'netcat'* ]] && SECURE
+[[ $CHECK == *'id '* ]] && SECURE
+[[ $CHECK == *'source'* ]] && SECURE
+[[ $CHECK == *'alias '* ]] && SECURE
+[[ $CHECK == *'passwd'* ]] && SECURE
+[[ $CHECK == *'user'* ]] && SECURE
+[[ $CHECK == *'bash'* ]] && SECURE
+[[ $CHECK == *'ls '* ]] && SECURE
+[[ $CHECK == *'ssh'* ]] && SECURE
+[[ $CHECK == *'nc '* ]] && SECURE
+[[ $CHECK == *'telnet'* ]] && SECURE
+[[ $CHECK == *'rdesktop'* ]] && SECURE
+[[ $CHECK == *'iptables'* ]] && SECURE
+[[ $CHECK == *'}'* ]] && SECURE
+[[ $CHECK == *'{'* ]] && SECURE
+[[ $CHECK == *'['* ]] && SECURE
+[[ $CHECK == *']'* ]] && SECURE
+[[ $CHECK == *'('* ]] && SECURE
+[[ $CHECK == *')'* ]] && SECURE
+[[ $CHECK == *'exec'* ]] && SECURE
+[[ $CHECK == *'dash'* ]] && SECURE
+[[ $CHECK == *'perl'* ]] && SECURE
+[[ $CHECK == *'python'* ]] && SECURE
+[[ $CHECK == *'netstat'* ]] && SECURE
+[[ $CHECK == *'sockstat'* ]] && SECURE
+[[ $CHECK == *'>'* ]] && SECURE
+[[ $CHECK == *'<'* ]] && SECURE
+[[ $CHECK == *'/'* ]] && SECURE
+[[ $CHECK == *'kill'* ]] && SECURE
+done
+
+#########################################################################
# We need to check if base files need to be imported to services for bird:
NEW_PROTOCOL="
protocol bgp $PEERNAME'_bgp' { table AnoNet_routes;
@@ -96,49 +162,18 @@ protocol direct direct_AnoNet_routes { table AnoNet_routes;
import filter only_AnoNet;
}"
-while true; do
- read -p "Is this your first peering session?" ASK
- if [[ $ASK == *y* ]]; then
- echo "$BIRD_CONF" > /services/bird/bird.conf
- echo "$BIRD_RUN" > /services/bird/run
- chmod +x /services/bird/run
- echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
- break
- elif [[ $ASK == *Y* ]]; then
- echo "$BIRD_CONF" > /services/bird/bird.conf
- echo "$BIRD_RUN" > /services/bird/run
- chmod +x /services/bird/run
- echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
- break
- elif [[ $ASK == *n* ]]; then
- break
- elif [[ $ASK == *N* ]]; then
- break
- fi
-done
+
+
+test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf
+test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run
+chmod +x /services/bird/run
+echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
#########################################################################
# We need to check if this peering session already exists:
-if [ -e /services/"$PEERNAME" ]; then
- while true; do
- read -p "$PEERNAME already exists, would you like to replace it? [y/n]: " ASK
- if [[ $ASK == *y* ]]; then
- rm -r /services/"$PEERNAME"
- mkdir /services/"$PEERNAME"
- break
- elif [[ $ASK == *Y* ]]; then
- rm -r /services/"$PEERNAME"
- mkdir /services/"$PEERNAME"
- break
- elif [[ $ASK == *n* ]]; then
- exit 0
- elif [[ $ASK == *N* ]]; then
- exit 0
- fi
- done
-else
- mkdir /services/"$PEERNAME"
-fi
+test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME"
+mkdir -p /services/"$PEERNAME"
+
#########################################################################
# Create files to configure the new peering session:
@@ -146,7 +181,7 @@ echo "#!/bin/sh
export REMOTE_ADDRESS=$REMOTEIP
export REMOTE_PORT=$PEERPORT
export LOCAL_PORT=$YOURPORT
-export PRIVATE_KEY=$SECKEY
+export PRIVATE_KEY=${SECKEY/'SECRET: /}
export PUBLIC_KEY=$PUBKEY
export TUN_MODE=1
export INTERFACE=ppp-$PEERNAME
@@ -161,7 +196,6 @@ chmod +x /services/"$PEERNAME"/run
#########################################################################
# Configure and start our new peering session:
ln -s /services/"$PEERNAME" /service/
-echo
echo "peer2anonet: New peering session configured
"
exit 0