diff --git a/tincuca-client/README b/tincuca-client/README
new file mode 100644
index 0000000000000000000000000000000000000000..7df843486c8823c040f8fea2c4ef5a0d723c8137
--- /dev/null
+++ b/tincuca-client/README
@@ -0,0 +1,25 @@
+README
+======
+
+This package contains the tinc configuration needed for a client to
+correctly connect to the proinfo vpn.
+
+There is some considerations to aplly before real use this configuration:
+ - Make sure you have bc(1) installed on your system
+ - You need to set the client name on the vpn
+ Do this editing the tinc.conf (Name varianle), rename the hosts/myname
+ file to the same name you set on tinc.conf, and update dhcp/chclient.conf
+ host-name option.
+
+If you have changed some other files in order to make this to work.
+
+1. Set the address of tincuca-server in file
+clientpackage/package/etc/tinc/vpn/hosts/server.
+Server are currently set to beamish.c3sl.ufpr.br.
+
+2. In the same file, configure properly the server port. Default port is
+655.
+
+3. Remember to put the ssh public key used by tincuca-server in
+clientpackage/package/etc/tincuca-client/id_rsa_tincuca.pub. This public key
+will allow you to connect into tincuca-clients throught a ssh tunnel.
diff --git a/tincuca-client/clientpackage/generatepackage.sh b/tincuca-client/clientpackage/generatepackage.sh
new file mode 100755
index 0000000000000000000000000000000000000000..c2e5daf22db12c35d0b6410e89b566beeb11ae7b
--- /dev/null
+++ b/tincuca-client/clientpackage/generatepackage.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright (C) 2004-2010 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
+#
+# This file is part of tincuca-client
+#
+# tincuca-client is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+# Get version
+if test $# -ne 1 ; then
+ echo "Usage: $(basename $0) version"
+ exit 1
+fi
+
+VERSION=$1
+
+echo "${VERSION}" > ./package/etc/tincuca-client/version
+sed -i "s/^Version: .*$/Version: ${VERSION}/g" ./package/DEBIAN/control
+
+fakeroot dpkg -b package .
+
+# Generate .rpm package
+PACKNAME="tincuca-client_${VERSION}_i386.deb"
+fakeroot alien --to-rpm --scripts $PACKNAME
+
+rm -f ./package/etc/tincuca-client/version
diff --git a/tincuca-client/clientpackage/package/DEBIAN/control b/tincuca-client/clientpackage/package/DEBIAN/control
new file mode 100644
index 0000000000000000000000000000000000000000..a0d10f9ee88c8dbe1bf03ff0015b7f7ad1b5ba7c
--- /dev/null
+++ b/tincuca-client/clientpackage/package/DEBIAN/control
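Review bot: `VERSION` is taken straight from `$1` and interpolated into the sed expression, the version file and the package file name without validation, and no step is checked for failure, so a failed `fakeroot dpkg -b package .` still runs `alien` against a missing or stale `.deb`. Add `set -eu` after the shebang and reject versions containing anything outside a conservative set such as `[0-9A-Za-z.+~-]` before the first use. The expansions should also be quoted: `echo "Usage: $(basename "$0") version"` and `fakeroot alien --to-rpm --scripts "$PACKNAME"`.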
@@ -0,0 +1,10 @@
+Package: tincuca-client
+Version: 1.0.0
+Maintainer: <proinfodata@c3sl.ufpr.br>
+Architecture: i386
+Depends: bc, tinc, dhcp3-client, cron, grep, ntp, ssh
+Description: Client of the TINCUCA system
+
+ The TINCUCA system provides acess to the UCA servers of the RUCA project.
+ This package setups the conection on the client side.
+
diff --git a/tincuca-client/clientpackage/package/DEBIAN/postinst b/tincuca-client/clientpackage/package/DEBIAN/postinst
new file mode 100755
index 0000000000000000000000000000000000000000..06f0192c3704980929e91347fb7bac4a8cc7ae08
--- /dev/null
+++ b/tincuca-client/clientpackage/package/DEBIAN/postinst
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright (C) 2004-2010 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
+#
+# This file is part of tincuca-client
+#
+# tincuca-client is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+# This is the postinst of tincuca-client
+
+# Scheudule the main script
+command="0 * * * * /usr/local/bin/tincuca-client.sh"
+oldCrontab="$(crontab -l | sed '/^ *$/d')"
+if echo "${oldCrontab}" | grep -q -v tincuca ; then
+ printf "${oldCrontab}\n\n${command}\n\n" | crontab -
+fi
+
+# Create links in /etc/init.d
+/usr/lib/lsb/install_initd /etc/init.d/tincuca-client
+
+# Update /etc/init.d
+/sbin/insserv tincuca-client
+
+# Run the main script
+/usr/local/bin/tincuca-client.sh
+
+exit 0
diff --git a/tincuca-client/clientpackage/package/DEBIAN/postrm b/tincuca-client/clientpackage/package/DEBIAN/postrm
new file mode 100755
index 0000000000000000000000000000000000000000..243df00556dc4f437bc529a91e8d573a30ebbbc3
--- /dev/null
+++ b/tincuca-client/clientpackage/package/DEBIAN/postrm
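Review bot: The duplicate check is inverted: `grep -q -v tincuca` succeeds whenever any crontab line lacks the word, so reinstalling on a host that has other cron entries appends the job again; the test the dedup needs is `if ! echo "${oldCrontab}" | grep -q tincuca ; then`. The existing crontab is also passed as the printf format string, so any `%` or backslash in the installing user's entries is interpreted and the rewritten crontab is corrupted; use `printf '%s\n\n%s\n\n' "${oldCrontab}" "${command}" | crontab -`. postrm has the same format-string pattern in `printf "${oldCrontab}\n\n" | crontab -`. The results of `install_initd`, `insserv` and the first script run are all discarded by the unconditional `exit 0`, so a failed setup is reported as a successful install.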
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Copyright (C) 2004-2010 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
+#
+# This file is part of tincuca-client
+#
+# tincuca-client is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+# This is the postinst of tincuca-client
+
+# Scheudule the main script
+command="0 * * * * /usr/local/bin/tincuca-client.sh"
+oldCrontab="$(crontab -l | grep -v tincuca-client)"
+printf "${oldCrontab}\n\n" | crontab -
+
+exit 0
diff --git a/tincuca-client/clientpackage/package/DEBIAN/preinst b/tincuca-client/clientpackage/package/DEBIAN/preinst
new file mode 100755
index 0000000000000000000000000000000000000000..586e3715dbf1ed070d58efc7b8bbfd2d9fd1b0f3
--- /dev/null
+++ b/tincuca-client/clientpackage/package/DEBIAN/preinst
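Review bot: Removal only strips the cron line, so the access that `launchTinc` in tincuca-client.sh sets up is left in place: the server key appended to `/root/.ssh/authorized_keys`, the iptables ACCEPT rule for port 22 and the `vpn` line in `/etc/tinc/nets.boot` all outlive the package. postrm (or a prerm) should stop the tunnel and delete those three entries. `grep -v tincuca-client` also drops any unrelated cron entry that merely mentions the name, the `command` variable is unused here, and the header comment still reads `# This is the postinst of tincuca-client`.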
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copyright (C) 2004-2010 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
+#
+# This file is part of tincuca-client
+#
+# tincuca-client is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+# This is the preinst of tincuca-client
+
+exit 0
diff --git a/tincuca-client/clientpackage/package/etc/init.d/tincuca-client b/tincuca-client/clientpackage/package/etc/init.d/tincuca-client
new file mode 100755
index 0000000000000000000000000000000000000000..fc8506bcf9394b9546cfa4c8f48d1eb68e4a8be3
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/init.d/tincuca-client
@@ -0,0 +1,62 @@
+#!/bin/sh
+# Copyright (C) 2004-2010 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
+#
+# This file is part of tincuca-client
+#
+# tincuca-client is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+#
+### BEGIN INIT INFO
+# Provides: tincuca-client
+# Required-Start: $syslog $remote_fs $network
+# Should-Start: $ALL
+# Required-Stop: $syslog $remote_fs
+# Should-Stop: ypbind smtp
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: tincuca client
+# Description: Starts the tincuca client
+### END INIT INFO
+
+. /etc/rc.status
+rc_reset
+
+case "$1" in
+ start)
+ echo -n "Starting tincuca-client "
+ /usr/local/bin/tincuca-client.sh start
+
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down tincuca-client "
+ /usr/local/bin/tincuca-client.sh stop
+
+ rc_status -v
+ ;;
+ restart)
+ echo -n "Restarting tincuca-client "
+ /usr/local/bin/tincuca-client.sh restart
+
+ rc_status -v
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+ ;;
+
+esac
+rc_exit
diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/dhcp/dhclient.conf b/tincuca-client/clientpackage/package/etc/tinc/vpn/dhcp/dhclient.conf
new file mode 100644
index 0000000000000000000000000000000000000000..efc6a4dc089a0f9357a72fac443519859124f3b4
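Review bot: The `*)` branch prints the usage line and then falls through to `rc_exit`, which after `rc_reset` presumably reports success, so an unknown or missing action looks as if it worked; add `exit 2` after the `echo` (the LSB status for invalid arguments). The script also sources `/etc/rc.status` unconditionally; that file is outside this diff, and on a system that lacks it every action fails at the `.` line, so a guard such as `test -r /etc/rc.status || exit 1` before it would make the failure explicit. The called script ends with an unconditional `exit 0` in this commit, so `rc_status -v` will show success even when the start or stop logged an error.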
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/dhcp/dhclient.conf
@@ -0,0 +1,10 @@
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send domain-name "proinfo";
+send host-name "myname";
+
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ ntp-servers, rfc3442-classless-static-routes;
+
diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/hosts/myname b/tincuca-client/clientpackage/package/etc/tinc/vpn/hosts/myname
new file mode 100644
index 0000000000000000000000000000000000000000..9d6b92cc26cc82b44b4eebc6edf007349f078c97
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/hosts/myname
@@ -0,0 +1,8 @@
+Subnet = 10.10.0.0/16
+TCPOnly = yes
+
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBALT73FZbK+9FZSSpQ2S+YCDA3I/6O8RksCbqEebLgX0IGgsowQc5FFj4
+MYwrnTdpQ2N33p9OeMSaO7/FNRZh1+wrptw7HjC/Ug3NAazAG2t2AOIcxOEW3TKt
+3edXsaHd74Hbg+qd9E5gLjv//MKtsuJJA3NUtMFfal9nlo36V5bTAgMBAAE=
+-----END RSA PUBLIC KEY-----
diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/hosts/server b/tincuca-client/clientpackage/package/etc/tinc/vpn/hosts/server
new file mode 100644
index 0000000000000000000000000000000000000000..04cc1ccde816c95999cd0289e5d3e479710bb193
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/hosts/server
@@ -0,0 +1,9 @@
+Address = beamish.c3sl.ufpr.br
+Subnet = 10.10.0.0/16
+TCPOnly = yes
+
+-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAMdezFPTFnXcgT/sOTEwZVdrHM6w4nzddZrGSeHchjiX5fgMqpKrjfQc
+cgMCibKK5B3GC/yWPIm1ExDlAFK6ybZDmxU+658wSM3sXWaBhYbVKs1OlAdpCWI6
+sEJFkYYuTzOWMdp+Dd0OyaEY43pnpQY1RLQzEueYLty3dUABNVwnAgMBAAE=
+-----END RSA PUBLIC KEY-----
diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/rsa_key.priv b/tincuca-client/clientpackage/package/etc/tinc/vpn/rsa_key.priv new file mode 100644 index 0000000000000000000000000000000000000000..4d128f4e9ecc27c0d0fabec90fa20d73f18a2a25 --- /dev/null +++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/rsa_key.priv @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC0+9xWWyvvRWUkqUNkvmAgwNyP+jvEZLAm6hHmy4F9CBoLKMEH +ORRY+DGMK503aUNjd96fTnjEmju/xTUWYdfsK6bcOx4wv1INzQGswBtrdgDiHMTh +Ft0yrd3nV7Gh3e+B24PqnfROYC47//zCrbLiSQNzVLTBX2pfZ5aN+leW0wIDAQAB +AoGAQdJTyUhxSx0m8tVogExIs8DQtsBgWkXwVsbMae7bkjiPGD3jLhhRUSY7BuqZ +zBxJePSQj8m/XGlnj5BOhWxiVZIRlKdH1Pw4BM9tjQePJ68YmxuhUc61XqNs9qMn +9t/Xt89M2mAzH/MVMi0i7ir1oQWuTOTqwIWWunkt3ZwL7JkCQQDuDqIm1Vq8IBhL +/A1Hr9yzL6tfiBstRwlPeSYnNjfkMNEwjlZwi+0gSnERDXLUdVU08VwvsUwKgud9 +RJ6b7BrPAkEAwp/8CGZ6GDxbAfq3ZijIBBWNsRtVTES5LPLUU+MXfZQIVOYzryBP +OYpljNRyVmmZHXyTjK9HvsrKZIWcIX50vQJATAMEJ54scLFW0LxUiTVQJS7ta32M +H/L0uBmY4yBezFACG5z3YMxtFMhwPd+rcMdeQ59lrhzQiPKvc8I7WtIS5QJBAJ/+ +zT5KoEyUMWyrI2HEXMmevmC+S5zrUh91cL+VjJYbv82rgQmS0g5Hi7v+WhBXtxva +caHR5nUeWMvSWsveHTECQCLOQ8o5gh3+R/2NtEYBQw4AH1uNN2lgEDd0wmdRsLZq +Cmot3bDgrAV9qQ3kar0LYLo0lj7pph5xHn0K7afWReU= +-----END RSA PRIVATE KEY----- diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc-down b/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc-down new file mode 100755 index 0000000000000000000000000000000000000000..ca98251d8fed0821789e187c22697753a8bb6455 --- /dev/null +++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc-down @@ -0,0 +1,5 @@ +#!/bin/sh + +ifconfig $INTERFACE down +# Kill remaining dhclient processes +pkill -9 -f "dhclient .* $INTERFACE" diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc-up b/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc-up new file mode 100755 index 0000000000000000000000000000000000000000..82accdb22e401bc0f694ee481b8e930c0af764bf --- /dev/null 
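Review bot: This commits an RSA private key into the package tree, so every client installed from the package shares one tinc identity; `configureTincucaClient` only copies `hosts/myname` to the per-school host file and never generates a key. Anyone with access to the package or the repository holds the credential that, presumably, authenticates each client to the server. The key should be treated as compromised and retired on the server side, the file removed from the package, and a per-host pair generated at install time, for example from postinst with `tincd -n vpn -K`, with the resulting public key enrolled on the server. The `MIICXAIBAAKBgQ` header also suggests a 1024-bit modulus, so the replacement keys should be generated at 2048 bits or more.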
+++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc-up
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+PATH=${PATH}:/sbin:/usr/sbin
+DHCLTSCRIPT=/etc/tincuca-client/dhclient-script
+DHCLTCONF=/etc/tinc/vpn/dhcp/dhclient.conf
+
+changeLastOctect () {
+ MACFIRST=$(echo $1 | cut -d: -f1-5)
+ MACLAST=$(echo $1 | cut -d: -f6 | tr "[:lower:]" "[:upper:]")
+ NEWLAST=$(echo "lenght=2;obase=16;ibase=16;($MACLAST+1)%100" | bc)
+ if test $(expr length $NEWLAST) -eq 1; then
+ NEWLAST="0$NEWLAST"
+ fi
+ NEWLAST=$(echo $NEWLAST | tr "[:upper:]" "[:lower:]")
+ echo "${MACFIRST}:$NEWLAST"
+ return 0
+}
+
+# Default interface
+IFDEF=$(route | grep default | awk '{print $NF}')
+MACADDR=$(ifconfig ${IFDEF} | head -n1 | awk '{print $NF}' 2> /dev/null)
+MACEXPRESSION="^([a-f0-9]{2}:){5}[a-f0-9]{2}$"
+
+if test -n "$(echo ${MACADDR} | egrep -i ${MACEXPRESSION})"; then
+ MACADDR=$(changeLastOctect $MACADDR)
+fi
+
+ifconfig $INTERFACE down
+ifconfig $INTERFACE hw ether $MACADDR
+ifconfig $INTERFACE up
+dhclient -cf $DHCLTCONF -sf $DHCLTSCRIPT vpn & disown
+
diff --git a/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc.conf b/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc.conf
new file mode 100644
index 0000000000000000000000000000000000000000..0867abd86a4fae0b6a70597d2f80876ca20e1147
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/tinc/vpn/tinc.conf
@@ -0,0 +1,9 @@
+Name = myname
+
+ConnectTo = server
+AddressFamily = ipv4
+TCPOnly = yes
+
+Mode = switch
+
+Device = /dev/net/tun
diff --git a/tincuca-client/clientpackage/package/etc/tincuca-client/dhclient-script b/tincuca-client/clientpackage/package/etc/tincuca-client/dhclient-script
new file mode 100755
index 0000000000000000000000000000000000000000..c0acb47325df59ba71fbef3ed78a77d3967c573b
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/tincuca-client/dhclient-script
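Review bot: When the default-route interface's MAC does not match `MACEXPRESSION` (no default route, more than one `default` line from `route`, or a different `ifconfig` layout), `MACADDR` keeps whatever `awk` printed, possibly nothing, and is still passed to `ifconfig $INTERFACE hw ether $MACADDR`. Move the `hw ether` call inside the `if` that validates the address and log the fallback, so the interface keeps its own MAC when none can be derived. The last line uses `disown`, which is not a POSIX sh builtin and fails under dash with this `#!/bin/sh` shebang, and it starts dhclient on the literal `vpn` rather than `"$INTERFACE"`. The `lenght=2` in the bc program only assigns an unused variable; the zero padding is actually done by the `expr length` test after it.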
@@ -0,0 +1,269 @@
+#!/bin/bash
+
+# dhclient-script for Linux. Dan Halbert, March, 1997.
+# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+# Modified for Debian. Matt Zimmerman and Eloy Paris, December 2003
+# Modified to remove useless tests for antiquated kernel versions that
+# this doesn't even work with anyway, and introduces a dependency on /usr
+# being mounted, which causes cosmetic errors on hosts that NFS mount /usr
+# Andrew Pollock, February 2005
+# Modified to work on point-to-point links. Andrew Pollock, June 2005
+# Modified to support passing the parameters called with to the hooks. Andrew Pollock, November 2005
+
+# The alias handling in here probably still sucks. -mdz
+
+make_resolv_conf() {
+ if [ "$new_domain_name" -o "$new_domain_search" \
+ -o "$new_domain_name_servers" ]; then
+ local new_resolv_conf=/etc/resolv.conf.dhclient-new
+ rm -f $new_resolv_conf
+
+ if [ "$new_domain_name_servers" ]; then
+ for nameserver in $new_domain_name_servers; do
+ echo nameserver $nameserver >>$new_resolv_conf
+ done
+ else # keep 'old' nameservers
+ sed -n /^\w*[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/p /etc/resolv.conf >>$new_resolv_conf
+ fi
+
+ if [ "$new_domain_name" ]; then
+ echo domain ${new_domain_name%% *} >>$new_resolv_conf
+ fi
+
+ if [ "$new_domain_search" ]; then
+ if [ "$new_domain_name" ]; then
+ domain_in_search_list=""
+ for domain in "$new_domain_search"; do
+ if [ "$domain" = "$new_domain_name" ]; then
+ domain_in_search="Yes"
+ fi
+ done
+ if [ ! "$domain_in_search" ]; then
+ new_domain_search="$new_domain_name $new_domain_search"
+ fi
+ fi
+ echo "search ${new_domain_search}" >> $new_resolv_conf
+ elif [ "$new_domain_name" ]; then
+ echo "search ${new_domain_name}" >> $new_resolv_conf
+ fi
+
+ chown --reference=/etc/resolv.conf $new_resolv_conf
+ chmod --reference=/etc/resolv.conf $new_resolv_conf
+ mv -f $new_resolv_conf /etc/resolv.conf
+ fi
+}
+
+run_hook() {
+ local script="$1"
+ local exit_status
+ shift # discard the first argument, then the rest are the script's
+
+ if [ -f $script ]; then
+ . $script "$@"
+ fi
+
+
+ if [ -n "$exit_status" ] && [ "$exit_status" -ne 0 ]; then
+ logger -p daemon.err "$script returned non-zero exit status $exit_status"
+ save_exit_status=$exit_status
+ fi
+
+ return $exit_status
+}
+
+run_hookdir() {
+ local dir="$1"
+ local exit_status
+ shift # See run_hook
+
+ if [ -d "$dir" ]; then
+ for script in $(run-parts --list $dir); do
+ run_hook $script "$@" || true
+ exit_status=$?
+ done
+ fi
+
+ return $exit_status
+}
+
+# Must be used on exit. Invokes the local dhcp client exit hooks, if any.
+exit_with_hooks() {
+ exit_status=$1
+
+ # Source the documented exit-hook script, if it exists
+ if ! run_hook /etc/dhcp3/dhclient-exit-hooks "$@"; then
+ exit_status=$?
+ fi
+
+ # Now run scripts in the Debian-specific directory.
+ if ! run_hookdir /etc/dhcp3/dhclient-exit-hooks.d "$@"; then
+ exit_status=$?
+ fi
+
+ exit $exit_status
+}
+
+if [ -n "$new_broadcast_address" ]; then
+ new_broadcast_arg="broadcast $new_broadcast_address"
+fi
+if [ -n "$old_broadcast_address" ]; then
+ old_broadcast_arg="broadcast $old_broadcast_address"
+fi
+if [ -n "$new_subnet_mask" ]; then
+ new_subnet_arg="netmask $new_subnet_mask"
+fi
+if [ -n "$old_subnet_mask" ]; then
+ old_subnet_arg="netmask $old_subnet_mask"
+fi
+if [ -n "$alias_subnet_mask" ]; then
+ alias_subnet_arg="netmask $alias_subnet_mask"
+fi
+# The 576 MTU is only used for X.25 and dialup connections
+# where the admin wants low latency. Such a low MTU can cause
+# problems with UDP traffic, among other things. As such,
+# disallow MTUs from 576 and below by default, so that broken
+# MTUs are ignored, but higher stuff is allowed (1492, 1500, etc).
+if [ -n "$new_interface_mtu" ] && [ $new_interface_mtu -gt 576 ]; then
+ mtu_arg="mtu $new_interface_mtu"
+fi
+if [ -n "$IF_METRIC" ]; then
+ metric_arg="metric $IF_METRIC" # interfaces(5), "metric" option
+fi
+
+
+# The action starts here
+
+# Invoke the local dhcp client enter hooks, if they exist.
+run_hook /etc/dhcp3/dhclient-enter-hooks
+run_hookdir /etc/dhcp3/dhclient-enter-hooks.d
+
+# Execute the operation
+case "$reason" in
+ MEDIUM|ARPCHECK|ARPSEND)
+ # Do nothing
+ ;;
+ PREINIT)
+ # The DHCP client is requesting that an interface be
+ # configured as required in order to send packets prior to
+ # receiving an actual address. - dhclient-script(8)
+
+ if [ -n "$alias_ip_address" ]; then
+ # Bring down alias interface. Its routes will disappear too.
+ ifconfig $interface:0- inet 0
+ fi
+ ifconfig $interface inet 0 up
+
+ ;;
+
+ BOUND|RENEW|REBIND|REBOOT)
+
+ if [[ "${interface}" == "vpn" ]]; then
+
+ # Restart SSH service
+ if test -f "/etc/init.d/ssh"; then
+ /etc/init.d/ssh restart
+ elif test -f "/etc/init.d/sshd"; then
+ /etc/init.d/sshd restart
+ fi
+
+ fi
+
+ if [ -n "$old_host_name" -a -n "$host_name" -a \
+ "$host_name" != "$old_host_name" ]; then
+ hostname "$new_host_name"
+ fi
+
+ if [ -n "$old_ip_address" -a -n "$alias_ip_address" -a \
+ "$alias_ip_address" != "$old_ip_address" ]; then
+ # Possible new alias. Remove old alias.
+ ifconfig $interface:0- inet 0
+ fi
+
+ if [ -n "$old_ip_address" -a \
+ "$old_ip_address" != "$new_ip_address" ]; then
+ # IP address changed. Bringing down the interface will delete all routes,
+ # and clear the ARP cache.
+ ifconfig $interface inet 0
+
+ fi
+
+ if [ -z "$old_ip_address" -o "$old_ip_address" != "$new_ip_address" -o \
+ "$reason" = "BOUND" -o "$reason" = "REBOOT" ]; then
+
+ ifconfig $interface inet $new_ip_address $new_subnet_arg \
+ $new_broadcast_arg $mtu_arg
+
+ # point to point
+ if [ "$new_subnet_mask" == "255.255.255.255" ]; then
+ for router in $new_routers; do
+ route add -host $router dev $interface
+ done
+ fi
+
+ for router in $new_routers; do
+ route add default dev $interface gw $router $metric_arg
+ done
+ fi
+
+ if [ "$new_ip_address" != "$alias_ip_address" -a -n "$alias_ip_address" ];
+ then
+ ifconfig $interface:0- inet 0
+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+ route add -host $alias_ip_address $interface:0
+ fi
+
+ make_resolv_conf
+
+ ;;
+
+ EXPIRE|FAIL|RELEASE|STOP)
+ if [ -n "$alias_ip_address" ]; then
+ # Turn off alias interface.
+ ifconfig $interface:0- inet 0
+ fi
+
+ if [ -n "$old_ip_address" ]; then
+ # Shut down interface, which will delete routes and clear arp cache.
+ ifconfig $interface inet 0
+ fi
+
+ if [ -n "$alias_ip_address" ]; then
+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+ route add -host $alias_ip_address $interface:0
+ fi
+
+ ;;
+
+ TIMEOUT)
+ if [ -n "$alias_ip_address" ]; then
+ ifconfig $interface:0- inet 0
+ fi
+
+ ifconfig $interface inet $new_ip_address $new_subnet_arg \
+ $new_broadcast_arg $mtu_arg
+
+ set -- $new_routers
+ first_router="$1"
+
+ if [ -z "$first_router" ] || ping -q -c 1 $first_router; then
+ if [ "$new_ip_address" != "$alias_ip_address" -a \
+ -n "$alias_ip_address" ]; then
+ ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
+ route add -host $alias_ip_address dev $interface:0
+ fi
+
+ for router in $new_routers; do
+ route add default dev $interface gw $router $metric_arg
+ done
+
+ make_resolv_conf
+ else
+ # Changed from 'ifconfig $interface inet 0 down' - see Debian bug #144666
+ ifconfig $interface inet 0
+ exit_with_hooks 2 "$@"
+ fi
+
+ ;;
+esac
+
+exit_with_hooks 0
diff --git a/tincuca-client/clientpackage/package/etc/tincuca-client/id_rsa_tincuca.pub b/tincuca-client/clientpackage/package/etc/tincuca-client/id_rsa_tincuca.pub
new file mode 100644
index 0000000000000000000000000000000000000000..1ceef9e9685396b0f7078eecbf5e94f35508d47b
--- /dev/null
+++ b/tincuca-client/clientpackage/package/etc/tincuca-client/id_rsa_tincuca.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs2PF8M2nRSCp3WsAJRzZpE44LmgnO+xJ8DLYAKAmGI+RTjuv6nD0763B4sWqE++EFM/zpV33FpPyh4Mh9LtroyLsui1S9IqYoiu14Hwdvh3h06yoHq5tF1RlV6/F+mIsScekb/NowVw9UQOgq5VvfhBXAYQ7HU7cgWixp5hsXHw9quqhaYQFSzGIFrPvlRleTWJZ/dIB5TnU0xjj8Q/3geJN4pjd2igAP3vfPhw/lzdGEi4JSecIDFXRfcJv0IuEr4gNP1BbrkcPsaQau4Yg7TcMpEPW8pQmDaf4w+wFBnC45d8D3xkJkFv/EigASCWew/jxnL2EOTQprKVHm1YLvQ== root@beamish
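Review bot: In the BOUND|RENEW|REBIND|REBOOT branch this script installs whatever the VPN's DHCP server sends as the system default route (`route add default dev $interface gw $router $metric_arg`) and as `/etc/resolv.conf` (`make_resolv_conf`), and the dhclient.conf in this commit requests `routers` and `domain-name-servers`. If the tunnel is only meant for management access, that hands the client's DNS resolution and outbound routing to the server side; consider dropping those options from the `request` list, or skipping the default-route loops and `make_resolv_conf` when `"$interface" = "vpn"`. The added SSH restart also runs on every RENEW and REBIND; limiting it to an address change with `[ "$old_ip_address" != "$new_ip_address" ]` would avoid restarting sshd at each lease renewal. DHCP-supplied values such as `$new_routers` and `$new_domain_name_servers` are expanded unquoted throughout, so they should be treated as untrusted input if the server side is not fully trusted.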
diff --git a/tincuca-client/clientpackage/package/usr/local/bin/tincuca-client.sh b/tincuca-client/clientpackage/package/usr/local/bin/tincuca-client.sh
new file mode 100755
index 0000000000000000000000000000000000000000..17556090d0bc0712f88a4d062a8986787edcd3fb
--- /dev/null
+++ b/tincuca-client/clientpackage/package/usr/local/bin/tincuca-client.sh
@@ -0,0 +1,197 @@
+#!/bin/bash
+# Copyright (C) 2004-2010 Centro de Computacao Cientifica e Software Livre
+# Departamento de Informatica - Universidade Federal do Parana - C3SL/UFPR
+#
+# This file is part of tincuca-client
+#
+# tincuca-client is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+LOGFILE="/var/log/tincucaclient.log"
+TINCVPN="/etc/tinc/vpn"
+DHCPNAMEFILE="${TINCVPN}/dhcp/dhclient.conf"
+TINCHOSTDIR="${TINCVPN}/hosts/"
+TINCCONF="${TINCVPN}/tinc.conf"
+PROINFOINEPFILE="/opt/seed_mec/SEED2/client/conf/inep"
+NETBOOT=/etc/tinc/nets.boot
+TINCCMD="tincd -n vpn"
+TINCSTOPCMD="${TINCCMD} -k"
+SERVERADDR="10.10.0.1"
+
+# All messages printed by this script will be logged in
+exec 1>> $LOGFILE 2>&1
+
+# Log a message
+printLog () {
+
+ date +"%F %T - $1"
+
+}
+
+# Configure application
+configureTincucaClient () {
+
+ TINCHOSTNAME="$1"
+
+ # Change dhcphostname. This name will be used by the DNS on
+ # tincuca-server
+ if ! grep -q ${TINCHOSTNAME} ${DHCPNAMEFILE}; then
+ sed -i "s/send host-name.*/send host-name \"${TINCHOSTNAME}\";/"\
+ $DHCPNAMEFILE
+ fi
+
+ # Create a filename corresponding to the INEP found. The same name needs
+ # to exist on tincuca-server configuration
+ if ! test -f $TINCHOSTDIR/$TINCHOSTNAME; then
+ cp "$TINCHOSTDIR/myname" "$TINCHOSTDIR/$TINCHOSTNAME"
+ fi
+
+ # Change the client name on tinc.conf to TINCHOSTNAME
+ if ! grep -q ${TINCHOSTNAME} ${TINCCONF}; then
+ sed -i "s/Name =.*/Name = $TINCHOSTNAME/" $TINCCONF
+ fi
+
+ return 0
+}
+
+# Check if tincd tunnel is running
+# Return 0 tincd is running
+# 1 tincd is not running
+tincIsRunning () {
+
+ if $(pgrep -fx "${TINCCMD}( -D|)" &>/dev/null); then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Get the INEP identification for this school
+# Return 0 INEP acquired
+# 1 fail when tried to get INEP
+getINEP () {
+
+ INEP=$(mysql -D -s -N MetasysMonit -e "select INEP from INEP")
+ if test $? -ne 0 || test -z "$INEP"; then
+ # MetasysMonitor not configured, trying to get INEP from PROINFODATA
+ # agent
+ if test -f ${PROINFOINEPFILE}; then
+ INEP=$(cat $PROINFOINEPFILE)
+ fi
+ else
+ # Configure INEP in the PROINFODATA agent
+ if ! test -f ${PROINFOINEPFILE}; then
+ echo "${INEP}" > ${PROINFOINEPFILE}
+ chown seed_mec:seed_mec ${PROINFOINEPFILE}
+ fi
+ fi
+
+ if test -n "${INEP}"; then
+ echo ${INEP}
+ return 0
+ else
+ echo ""
+ return 1
+ fi
+}
+
+# Launch tincd tunnel
+launchTinc () {
+
+ if ${TINCCMD}; then
+ # Set vpn to load at boot
+ if ! grep -q '^vpn$' ${NETBOOT}; then
+ echo "vpn" >> ${NETBOOT}
+ fi
+ # Copy SSH key
+ mkdir -p /root/.ssh/
+ cat /etc/tincuca-client/id_rsa_tincuca.pub >> /root/.ssh/authorized_keys
+
+ # Configure iptables to accept ssh connections comming from tincuca
+ # server
+ iptables -I INPUT -s ${SERVERADDR} -p tcp --dport 22 -j ACCEPT
+
+ return 0
+ else
+ return $?
+ fi
+}
+
+launchTincuca () {
+
+ printLog "Initializing TINCUCA CLIENT"
+
+ # Try to get the INEP for this school
+ INEP=$(getINEP)
+ if test $? -ne 0; then
+ printLog "An error occurred while retrieving the INEP"
+ exit 1
+ fi
+
+ printLog "INEP found: ${INEP}"
+
+ # Format the hostname according to INEP acquired
+ TINCHOSTNAME="host${INEP}"
+
+ # Check TINCUCA configuration
+ printLog "Checking TINCUCA configuration"
+ configureTincucaClient ${TINCHOSTNAME}
+
+ # Run TINCUCA if it is not running
+ if tincIsRunning; then
+ printLog "TINCUCA already running"
+ else
+ if launchTinc; then
+ printLog "TINCUCA launched"
+ else
+ printLog "An error occurred while executing ${TINCCMD}"
+ exit 2
+ fi
+ fi
+
+ printLog "-------------------------------------------------"
+
+}
+
+stopTincuca() {
+
+ printLog "Stopping Tincuca"
+ if ${TINCSTOPCMD}; then
+ printLog "OK"
+ else
+ printLog "An error occurred while executing ${TINCSTOPCMD}"
+ fi
+ printLog "-------------------------------------------------"
+
+}
+
+case "$1" in
+ start|"")
+ launchTincuca
+ ;;
+ stop)
+ stopTincuca
+ ;;
+ restart)
+ $0 stop
+ sleep 5
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+ ;;
+esac
+
+exit 0
diff --git a/tincuca-client/tinc b/tincuca-client/tinc
new file mode 120000
index 0000000000000000000000000000000000000000..1cb4428887e883289b4be0691091f8ac343158b0
--- /dev/null
+++ b/tincuca-client/tinc
@@ -0,0 +1 @@
+clientpackage/package/etc/tinc/
\ No newline at end of file
diff --git a/tincuca-client/tincuca-client.sh b/tincuca-client/tincuca-client.sh
new file mode 120000
index 0000000000000000000000000000000000000000..4ffdd8c32773e34ea0d3c63133b12bc242ae60d6
--- /dev/null
+++ b/tincuca-client/tincuca-client.sh
@@ -0,0 +1 @@
+clientpackage/package/usr/local/bin/tincuca-client.sh
\ No newline at end of file
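Review bot: `launchTinc` appends the server key to `/root/.ssh/authorized_keys` and inserts the iptables rule on every successful start, so each restart, and each hourly cron run that finds tincd stopped, adds another copy of both; the key is also installed without any restriction and without setting the permissions of `/root/.ssh`. Because that key grants root login to whoever holds the matching private key, it should be added once and limited with a `from=` option bound to `SERVERADDR`; a guarded version of those lines follows. Separately, `INEP` from MySQL or the inep file goes unquoted and unvalidated into the `grep` patterns, `sed` expressions and host file name in `configureTincucaClient`; if INEP codes are purely numeric, as I would expect, `getINEP` should reject anything that does not match `^[0-9]+$`. The trailing `exit 0` also hides start and stop failures from the init script that calls this one.

```shell
    # … unchanged: nets.boot update …
    # Copy SSH key (once, restricted to the tincuca server address)
    mkdir -p /root/.ssh/
    chmod 700 /root/.ssh
    authfile=/root/.ssh/authorized_keys
    pubkey=$(cat /etc/tincuca-client/id_rsa_tincuca.pub)
    if ! grep -qF -- "${pubkey}" "${authfile}" 2>/dev/null; then
      printf 'from="%s" %s\n' "${SERVERADDR}" "${pubkey}" >> "${authfile}"
      chmod 600 "${authfile}"
    fi

    # Configure iptables to accept ssh connections comming from tincuca
    # server; -C (check) needs an iptables release that supports it
    if ! iptables -C INPUT -s "${SERVERADDR}" -p tcp --dport 22 -j ACCEPT 2>/dev/null; then
      iptables -I INPUT -s "${SERVERADDR}" -p tcp --dport 22 -j ACCEPT
    fi
```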