1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
#!/usr/bin/python
# Lifted from Russ Dill's juniper-vpn-wrap.py, thus:
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import subprocess
import mechanize
import cookielib
import getpass
import sys
import os
import zipfile
import urllib
import socket
import ssl
import errno
import argparse
import atexit
import signal
import ConfigParser
import time
import binascii
import hmac
import hashlib
def mkdir_p(path):
try:
os.mkdir(path)
except OSError, exc:
if exc.errno == errno.EEXIST and os.path.isdir(path):
pass
else:
raise
class Tncc:
def __init__(self, vpn_host):
self.vpn_host = vpn_host;
self.plugin_jar = '/usr/share/icedtea-web/plugin.jar'
if not os.path.isfile(self.plugin_jar):
raise Exception(self.plugin_jar + ' not found')
self.user_agent = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1'
def tncc_init(self):
class_names = ('net.juniper.tnc.NARPlatform.linux.LinuxHttpNAR',
'net.juniper.tnc.HttpNAR.HttpNAR')
self.class_name = None
self.tncc_jar = os.path.expanduser('~/.juniper_networks/tncc.jar')
try:
if zipfile.ZipFile(self.tncc_jar, 'r').testzip() is not None:
raise Exception()
except:
print 'Downloading tncc.jar...'
mkdir_p(os.path.expanduser('~/.juniper_networks'))
urllib.urlretrieve('https://' + self.vpn_host
+ '/dana-cached/hc/tncc.jar', self.tncc_jar)
with zipfile.ZipFile(self.tncc_jar, 'r') as jar:
for name in class_names:
try:
jar.getinfo(name.replace('.', '/') + '.class')
self.class_name = name
break
except:
pass
if self.class_name is None:
raise Exception('Could not find class name for', self.tncc_jar)
self.tncc_preload = \
os.path.expanduser('~/.juniper_networks/tncc_preload.so')
if not os.path.isfile(self.tncc_preload):
raise Exception('Missing', self.tncc_preload)
def tncc_start(self):
# tncc is the host checker app. It can check different
# security policies of the host and report back. We have
# to send it a preauth key (from the DSPREAUTH cookie)
# and it sends back a new cookie value we submit.
# After logging in, we send back another cookie to tncc.
# Subsequently, it contacts https://<vpn_host:443 every
# 10 minutes.
if not self.tncc_jar:
self.tncc_init()
null = open(os.devnull, 'w')
self.tncc_process = subprocess.Popen(['java',
'-classpath', self.tncc_jar + ':' + self.plugin_jar,
self.class_name,
'log_level', '100',
'postRetries', '6',
'ivehost', self.vpn_host,
'home_dir', os.path.expanduser('~'),
'Parameter0', '',
'user_agent', self.user_agent,
], env={'LD_PRELOAD': self.tncc_preload})
if __name__ == "__main__":
if len(sys.argv) <= 1:
raise Exception("Usage: ...")
tncc = Tncc(sys.argv[1])
tncc.tncc_init()
tncc.tncc_start()
|