kris
/
juniper-vpn-py
1
0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 활동
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 커밋
2 브랜치
44 KiB
 
트리: dde605a981
브랜치 태그
${ item.name }
${ searchTerm } 브랜치 생성
from 'dde605a981'
${ noResults }
juniper-vpn-py/juniper-vpn.py

277 lines
8.8 KiB
Raw Blame 히스토리 

  1. #!/usr/bin/python

  2. # -*- coding: utf-8 -*-

  3. 

  4. import subprocess

  5. import mechanize

  6. import cookielib

  7. import getpass

  8. import sys

  9. import os

  10. import ssl

  11. import errno

  12. import argparse

  13. import atexit

  14. import signal

  15. import ConfigParser

  16. import time

  17. import binascii

  18. import hmac

  19. import hashlib

  20. import shlex

  21. import tncc

  22. 

  23. ssl._create_default_https_context = ssl._create_unverified_context

  24. 

  25. """

  26. OATH code from https://github.com/bdauvergne/python-oath

  27. Copyright 2010, Benjamin Dauvergne

  28. 

  29. * All rights reserved.

  30. * Redistribution and use in source and binary forms, with or without

  31.   modification, are permitted provided that the following conditions are met:

  32. 

  33.      * Redistributions of source code must retain the above copyright

  34.        notice, this list of conditions and the following disclaimer.

  35.      * Redistributions in binary form must reproduce the above copyright

  36.        notice, this list of conditions and the following disclaimer in the

  37.        documentation and/or other materials provided with the distribution.'''

  38. """

  39. 

  40. def truncated_value(h):

  41.     bytes = map(ord, h)

  42.     offset = bytes[-1] & 0xf

  43.     v = (bytes[offset] & 0x7f) << 24 | (bytes[offset+1] & 0xff) << 16 | \

  44.             (bytes[offset+2] & 0xff) << 8 | (bytes[offset+3] & 0xff)

  45.     return v

  46. 

  47. def dec(h,p):

  48.     v = truncated_value(h)

  49.     v = v % (10**p)

  50.     return '%0*d' % (p, v)

  51. 

  52. def int2beint64(i):

  53.     hex_counter = hex(long(i))[2:-1]

  54.     hex_counter = '0' * (16 - len(hex_counter)) + hex_counter

  55.     bin_counter = binascii.unhexlify(hex_counter)

  56.     return bin_counter

  57. 

  58. def hotp(key):

  59.     key = binascii.unhexlify(key)

  60.     counter = int2beint64(int(time.time()) / 30)

  61.     return dec(hmac.new(key, counter, hashlib.sha256).digest(), 6)

  62. 

  63. class juniper_vpn(object):

  64.     def __init__(self, args):

  65.         self.args = args

  66.         self.fixed_password = args.password is not None

  67.         self.last_connect = 0

  68. 

  69.         self.br = mechanize.Browser()

  70. 

  71.         self.cj = cookielib.LWPCookieJar()

  72.         self.br.set_cookiejar(self.cj)

  73. 

  74.         # Browser options

  75.         self.br.set_handle_equiv(True)

  76.         self.br.set_handle_redirect(True)

  77.         self.br.set_handle_referer(True)

  78.         self.br.set_handle_robots(False)

  79. 

  80.         # Follows refresh 0 but not hangs on refresh > 0

  81.         self.br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(),

  82.                               max_time=1)

  83. 

  84.         # Want debugging messages?

  85.         #self.br.set_debug_http(True)

  86.         #self.br.set_debug_redirects(True)

  87.         #self.br.set_debug_responses(True)

  88. 

  89.         self.user_agent = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1'

  90.         self.br.addheaders = [('User-agent', self.user_agent)]

  91. 

  92.         self.last_action = None

  93.         self.needs_2factor = False

  94.         self.key = None

  95. 

  96.     def find_cookie(self, name):

  97.         for cookie in self.cj:

  98.             if cookie.name == name:

  99.                 return cookie

  100.         return None

  101. 

  102.     def next_action(self):

  103.         if self.find_cookie('DSID'):

  104.             return 'connect'

  105. 

  106.         for form in self.br.forms():

  107.             if form.name == 'frmLogin':

  108.                 return 'login'

  109.             elif form.name == 'frmDefender':

  110.                 return 'key'

  111.             elif form.name == 'frmConfirmation':

  112.                 return 'continue'

  113.             else:

  114.                 raise Exception('Unknown form type:', form.name)

  115.         return 'tncc'

  116. 

  117.     def run(self):

  118.         # Open landing page

  119.         self.r = self.br.open('https://' + self.args.host)

  120.         while True:

  121.             action = self.next_action()

  122.             if action == 'tncc':

  123.                 self.action_tncc()

  124.             elif action == 'login':

  125.                 self.action_login()

  126.             elif action == 'key':

  127.                 self.action_key()

  128.             elif action == 'continue':

  129.                 self.action_continue()

  130.             elif action == 'connect':

  131.                 self.action_connect()

  132. 

  133.             self.last_action = action

  134. 

  135.     def action_tncc(self):

  136.         # Run tncc host checker

  137.         dspreauth_cookie = self.find_cookie('DSPREAUTH')

  138.         if dspreauth_cookie is None:

  139.             raise Exception('Could not find DSPREAUTH key for host checker')

  140. 

  141.         dssignin_cookie = self.find_cookie('DSSIGNIN')

  142.         t = tncc.tncc(self.args.host);

  143.         self.cj.set_cookie(t.get_cookie(dspreauth_cookie, dssignin_cookie))

  144. 

  145.         self.r = self.br.open(self.r.geturl())

  146. 

  147.     def action_login(self):

  148.         # The token used for two-factor is selected when this form is submitted.

  149.         # If we aren't getting a password, then get the key now, otherwise

  150.         # we could be sitting on the two factor key prompt later on waiting

  151.         # on the user.

  152. 

  153.         if self.args.password is None or self.last_action == 'login':

  154.             if self.fixed_password:

  155.                 print 'Login failed (Invalid username or password?)'

  156.                 sys.exit(1)

  157.             else:

  158.                 self.args.password = getpass.getpass('Password:')

  159.                 self.needs_2factor = False

  160. 

  161.         if self.needs_2factor:

  162.             if self.args.oath:

  163.                 self.key = hotp(self.args.oath)

  164.             else:

  165.                 self.key = getpass.getpass('Two-factor key:')

  166.         else:

  167.             self.key = None

  168. 

  169.         # Enter username/password

  170.         self.br.select_form(nr=0)

  171.         self.br.form['username'] = self.args.username

  172.         self.br.form['password'] = self.args.password

  173.         # Untested, a list of availables realms is provided when this

  174.         # is necessary.

  175.         # self.br.form['realm'] = [realm]

  176.         self.r = self.br.submit()

  177. 

  178.     def action_key(self):

  179.         # Enter key

  180.         self.needs_2factor = True

  181.         if self.args.oath:

  182.             if self.last_action == 'key':

  183.                 print 'Login failed (Invalid OATH key)'

  184.                 sys.exit(1)

  185.             self.key = hotp(self.args.oath)

  186.         elif self.key is None:

  187.             self.key = getpass.getpass('Two-factor key:')

  188.         self.br.select_form(nr=0)

  189.         self.br.form['password'] = self.key

  190.         self.key = None

  191.         self.r = self.br.submit()

  192. 

  193.     def action_continue(self):

  194.         # Yes, I want to terminate the existing connection

  195.         self.br.select_form(nr=0)

  196.         self.r = self.br.submit()

  197. 

  198.     def action_connect(self):

  199.         now = time.time()

  200.         delay = 10.0 - (now - self.last_connect)

  201.         if delay > 0:

  202.             print 'Waiting %.0f...' % (delay)

  203.             time.sleep(delay)

  204.         self.last_connect = time.time();

  205. 

  206.         dsid = self.find_cookie('DSID').value

  207.         action = []

  208.         for arg in self.args.action:

  209.             arg = arg.replace('%DSID%', dsid).replace('%HOST%', self.args.host)

  210.             action.append(arg)

  211. 

  212.         p = subprocess.Popen(action, stdin=subprocess.PIPE)

  213.         if args.stdin is not None:

  214.             stdin = args.stdin.replace('%DSID%', dsid)

  215.             stdin = stdin.replace('%HOST%', self.args.host)

  216.             p.communicate(input = stdin)

  217.         else:

  218.             ret = p.wait()

  219.         ret = p.returncode

  220. 

  221.         # Openconnect specific

  222.         if ret == -errno.EPERM:

  223.             self.cj.clear(self.args.host, '/', 'DSID')

  224.             self.r = self.br.open(self.r.geturl())

  225.         elif ret > 0:

  226.             sys.exit(ret)

  227. 

  228. def cleanup():

  229.     os.killpg(0, signal.SIGTERM)

  230. 

  231. if __name__ == "__main__":

  232.     parser = argparse.ArgumentParser(conflict_handler='resolve')

  233.     parser.add_argument('-h', '--host', type=str,

  234.                         help='VPN host name')

  235.     parser.add_argument('-u', '--username', type=str,

  236.                         help='User name')

  237.     parser.add_argument('-o', '--oath', type=str,

  238.                         help='OATH key for two factor authentication (hex)')

  239.     parser.add_argument('-c', '--config', type=str,

  240.                         help='Config file')

  241.     parser.add_argument('-s', '--stdin', type=str,

  242.                         help="String to pass to action's stdin")

  243.     parser.add_argument('action', nargs=argparse.REMAINDER,

  244.                         metavar='<action> [<args...>]',

  245.                         help='External command')

  246. 

  247.     args = parser.parse_args()

  248.     args.__dict__['password'] = None

  249. 

  250.     if len(args.action) and args.action[0] == '--':

  251.         args.action = args.action[1:]

  252. 

  253.     if not len(args.action):

  254.         args.action = None

  255. 

  256.     if args.config is not None:

  257.         config = ConfigParser.RawConfigParser()

  258.         config.read(args.config)

  259.         for arg in ['username', 'host', 'password', 'oath', 'action', 'stdin']:

  260.             if args.__dict__[arg] is None:

  261.                 try:

  262.                     args.__dict__[arg] = config.get('vpn', arg)

  263.                 except:

  264.                     pass

  265. 

  266.     if not isinstance(args.action, list):

  267.         args.action = shlex.split(args.action)

  268. 

  269.     if args.username == None or args.host == None or args.action == []:

  270.         print "--user, --host, and <action> are required parameters"

  271.         sys.exit(1)

  272. 

  273.     atexit.register(cleanup)

  274.     jvpn = juniper_vpn(args)

  275.     jvpn.run()