This commit is contained in:
emdee 2024-01-15 12:44:06 +00:00
parent 2c8998aeb4
commit f63af45d10
81 changed files with 7849 additions and 218 deletions


@ -1,5 +1,5 @@
[defaults]
log_path = var/tmp/2024/01/08/gentoo_vm-2/base_proxy_toxcore.log
log_path = var/tmp/2024/01/09/gentoo_vm-2/base_proxy_toxcore.log
callback_plugins = ./lib/plugins/
# /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings


@ -2,7 +2,7 @@
---
- hosts: "{{ BOX_HOST }}" # |default('localhost')
- hosts: "{{ BOX_HOST|default('localhost')} }}" # |default('localhost')
#?? become: "{{ 'false' if ansible_connection|default('') == 'chroot' else 'true'}}"
# become_method: "'' if ansible_connection|default('') == 'chroot' else 'sudo'"
gather_facts: true
@ -43,7 +43,7 @@
# other things that use /usr/local, including some things from other OSes.
VAR_LOCAL: "/var/local"
VAR_LOG: "{{VAR_LOCAL}}/var/log/testforge"
PLAY_TESTFORGE_YML: ''
PIP_CACHE: "/root/.cache/pip"
# lynx uses SSL_CERT_DIR/SSL_CERT_FILE
PIP_CA_CERT: "{{USR_LOCAL}}/etc/ssl/cacert-testserver.pem"
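Review bot: The new hosts line on L22 has a stray closing brace, `{{ BOX_HOST|default('localhost')} }}`, which is not valid Jinja, so Ansible will refuse to parse the play before any task runs. It should read `- hosts: "{{ BOX_HOST|default('localhost') }}"`. The trailing `# |default('localhost')` comment describes what the expression now does and can be dropped.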

45
pyproject.toml Normal file

@ -0,0 +1,45 @@
[project]
name = "stem_examples"
version = "2023.12"
description = "examples of using stem"
authors = [{ name = "emdee", email = "Ingvar@gitgub.com" } ]
requires-python = ">=3.6"
dependencies = [
'stem',
]
keywords = ["stem", "python3", "tor"]
classifiers = [
"License :: OSI Approved",
"Operating System :: POSIX :: BSD :: FreeBSD",
"Operating System :: POSIX :: Linux",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: Implementation :: CPython",
]
dynamic = ["version", "readme", ] # cannot be dynamic ['license']
scripts = { exclude_badExits = "stem_examples.exclude_badExits:iMain" }
#[project.license]
#file = "LICENSE.md"
[project.urls]
repository = "https://git.plastiras.org/emdee/stem_examples"
[build-system]
requires = ["setuptools >= 61.0"]
build-backend = "setuptools.build_meta"
[tool.setuptools.dynamic]
version = {attr = "stem_examples.__version__"}
readme = {file = ["README.md", "exclude_badExits.md"]}
[tool.setuptools]
packages = ["stem_examples"]
#[tool.setuptools.packages.find]
#where = "src"
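Review bot: `version = "2023.12"` on L42 sets the version statically while `dynamic = ["version", "readme", ]` on L63 also declares it dynamic; PEP 621 requires the build backend to reject a field that is both, so `pip install .`/`python -m build` will error on this file. Since `[tool.setuptools.dynamic]` on L73 already resolves it from `stem_examples.__version__`, delete the static line. `readme` is declared dynamic only, so that one is fine.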


@ -1,4 +1,6 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=toxcore
#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.sign


@ -0,0 +1,8 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=toxcore
iptables-legacy -F;iptables-legacy -F -t nat;iptables-legacy -F -t mangle
iptables-legacy-restore </etc/firewall.conf
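Review bot: The three flushes on L95 run before anything checks that `/etc/firewall.conf` exists and is readable, so if the file is missing the redirect on L96 fails and the host is left with every chain flushed, i.e. wide open, with no message saying why. Guard first: `[ -r /etc/firewall.conf ] || exit 2` before L95, and `iptables-legacy-restore </etc/firewall.conf || exit 3` so a parse failure is also reported. If the saved file contains all three tables (`*filter`, `*nat`, `*mangle`), `iptables-legacy-restore` already replaces them and the pre-flush is not needed at all; if it does not, the flush is what empties the tables the file never repopulates. `PREFIX` and `ROLE` on L93–L94 are never read.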


@ -1,80 +1,11 @@
#!/bin/sh
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
prog=`basename $0`
PREFIX=/usr/local
ROLE=toxcore
[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
MOD=gridfire
DIR=$MOD
GIT_HUB=github.com
GIT_USER=reid-k
GIT_DIR=gridfire
cd /usr/local/src/gridfire || exit 3
DESC=""
[ -f /usr/local/src/usr_local_src.bash ] && \
. /usr/local/src/usr_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
cd $DIR || exit 3
if [ ! -e $MOD.py ] ; then
route|grep -q ^default || exit 0
wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py
fi
#[ -f $MOD.sh ] || \
# cp -p $PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR/$MOD.sh .
for VER in 2 3 ; do
PYVER=$VER
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
if [ ! -e $PREFIX/bin/$MOD$VER.bash ] ; then
cat > $PREFIX/bin/$MOD$VER.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=$ROLE
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@"
EOF
chmod 755 $PREFIX/bin/$MOD$VER.bash
fi
done
# default to python2
BINS=$MOD
msys_install_python_scripts $BINS
cd bin || exit 4
for file in *.bash *.py ; do
[ $file = gridfire_ansible-vault.bash ] && continue
[ -x $PREFIX/bin/$file ] && diff -q $file $PREFIX/bin/$file && continue
cp -p $file $PREFIX/bin
[ -x $PREFIX/bin/$file ] || chmod 775 $PREFIX/bin/$file
done
cd ..
#[ -d /usr/lib64/misc/ ] && [ ! -e /usr/lib64/misc/ssh-askpass ] \
# && sudo ln -s $PREFIX/bin/$MOD.bash /usr/lib64/misc/ssh-askpass
retval=0
[ -z "$BOX_OS_FLAVOR" ] && BOX_OS_FLAVOR="Linux"
make all-$BOX_OS_FLAVOR
OPREFIX=$PREFIX/share/genkernel/overlay
dist=dist-$BOX_OS_FLAVOR
[ -d $OPREFIX/bin ] || { sudo mkdir -p $OPREFIX/bin ; sudo chmod 1777 $OPREFIX/bin ; }
[ ! -x $dist/$MOD ] || \
[ -x $OPREFIX/bin/$MOD -a $OPREFIX/bin/$MOD -nt $dist/$MOD ] || \
cp -p $dist/$MOD $OPREFIX/bin/ || exit 9
# libc.so.1 libz.so.1 libdl.so.1
exit 0
elif [ "$1" = 'test' ] ; then
$PREFIX/bin/$MOD.bash --help >/dev/null || exit 10
make test >/dev/null || exit 11
fi
exec /usr/local/bin/python3.sh gridfire.py "$@"
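Review bot: The surviving script hard-codes `/usr/local` on L114 and L171 although `PREFIX` is defined on L106 and every sibling wrapper in this commit derives its paths from it; use `cd $PREFIX/src/gridfire || exit 3` and `exec $PREFIX/bin/python3.sh gridfire.py "$@"` so a relocated prefix keeps working. Which of L104/L105 is the new `prog` line is not recoverable from the rendering, but `prog` is not referenced in the 11 remaining lines and can go, as can `MOD`, `DIR` and the `GIT_*` assignments if they are still part of the new file rather than history.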


@ -0,0 +1,59 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/bin/gridfire.rc
declare -a ELTS LARGS RARGS
ELTS=(
gridfire_ansible-vault.sh
gridfire_keepassxc-cli.sh
gridfire_keepassxc.sh
gridfire_keyring.sh
gridfire_openssl.sh
gridfire_secret-tool.sh
gridfire_staticgpg.sh
gridfire_truecrypt.sh
gridfire_veracrypt.sh
)
SHORTOPTS="ha:cgulbodfpwm:nv:s:D:P:H:A:"
OARGS="$@"
ARGS=$(getopt --options $SHORTOPTS -- "$@")
[ $? != 0 ] && error 2 "Aborting."
eval set -- "$ARGS"
while true; do
case "$1" in
-h|-c|-g|-u|-l|-b|-o|-d|-f|-p|-w|-n)
LARGS+=($1)
shift;;
-a|-m|-v|-s|-D|-P|-H|-A)
LARGS+=($1)
shift
LARGS+=($1)
shift;;
'--')
shift
RARGS=("$@")
break
;;
esac
done
#echo DEBUG: LARGS ${LARGS[@]}
#echo DEBUG: RARGS ${RARGS[@]}
case ${RARGS[0]} in
ansible-vault|keepassxc-cli|keepassxc|keyring|openssl|secret-tool|staticgpg|truecrypt|veracrypt|foo)
elt=gridfire_${RARGS[0]}.bash
unset ${RARGS[0]}
RARGS[0]=""
exec bash $elt ${LARGS[@]} ${RARGS[@]}
;;
esac
# echo ${RARGS[@]}
exec python3.sh $PREFIX/src/gridfire/gridfire.py "$OARGS"
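Review bot: `OARGS="$@"` on L195 joins the whole argument list into one string and `"$OARGS"` on L227 hands that single string to gridfire.py as one argument, so any call with more than one word, or an argument containing a space, reaches the Python side mangled; it needs to be an array. The dispatch on L221–L223 has the same quoting problem: `unset ${RARGS[0]}` unsets a shell variable named after the sub-command instead of the array element, `RARGS[0]=""` then forwards an empty first argument, and the unquoted `${LARGS[@]} ${RARGS[@]}` re-splits any value given to `-a`/`-m`/`-v`/`-s`/`-D`/`-P`/`-H`/`-A`. `ELTS` on L182–L193 is declared but never read, and it lists `.sh` names while L220 builds `.bash` names; `error` on L197 is not defined in this file, so presumably it comes from `gridfire.rc`.
```shell
OARGS=("$@")
# … unchanged: getopt and the while/case loop …
    elt=gridfire_${RARGS[0]}.bash
    unset 'RARGS[0]'
    exec bash "$elt" "${LARGS[@]}" "${RARGS[@]}"
# … unchanged: ;; esac …
exec python3.sh $PREFIX/src/gridfire/gridfire.py "${OARGS[@]}"
```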


@ -0,0 +1,11 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# https://github.com/reid-k/gridfire/
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=toxcore
PYVER=2
exec python$PYVER.sh /usr/local/src/gridfire/gridfire.py "$OARGS"
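Review bot: `$OARGS` on L239 is never assigned in this file (L235–L238 set only `prog`, `PREFIX`, `ROLE` and `PYVER`), so every invocation passes one empty string to gridfire.py and drops the caller's arguments. The Python 3 sibling uses `"$@"` and this one should too: `exec python$PYVER.sh /usr/local/src/gridfire/gridfire.py "$@"`. `prog` is assigned but unused in both.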


@ -0,0 +1,9 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=toxcore
PYVER=3
exec python$PYVER.sh /usr/local/src/gridfire/gridfire.py "$@"


@ -0,0 +1,13 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=toxcore
PYVER=3
. /usr/local/bin/gridfire.rc
export PYTHONPATH=$PREFIX/src/gridfire
exec $PREFIX/bin/gridfire -H "ansible-vault.py" -- \
$PREFIX/bin/python$PYVER.sh $PREFIX/src/gridfire/ansible-vault.py "$@"


@ -0,0 +1,174 @@
#!/usr/local/bin/python2.sh
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
########################################################
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
__requires__ = ['ansible']
import os
import shutil
import sys
import traceback
from ansible import context
from ansible.errors import AnsibleError, AnsibleOptionsError, AnsibleParserError
from ansible.module_utils._text import to_text
from gridfire import getpass
ROLE=toxcore
# Used for determining if the system is running a new enough python version
# and should only restrict on our documented minimum versions
_PY3_MIN = sys.version_info[:2] >= (3, 5)
_PY2_MIN = (2, 6) <= sys.version_info[:2] < (3,)
_PY_MIN = _PY3_MIN or _PY2_MIN
if not _PY_MIN:
raise SystemExit('ERROR: Ansible requires a minimum of Python2 version 2.6 or Python3 version 3.5. Current version: %s' % ''.join(sys.version.splitlines()))
class LastResort(object):
# OUTPUT OF LAST RESORT
def display(self, msg, log_only=None):
print(msg, file=sys.stderr)
def error(self, msg, wrap_text=None):
print(msg, file=sys.stderr)
def prompt(self, msg, private=True):
return getpass(msg)
if __name__ == '__main__':
display = LastResort()
try: # bad ANSIBLE_CONFIG or config options can force ugly stacktrace
import ansible.constants as C
from ansible.utils.display import Display
except AnsibleOptionsError as e:
display.error(to_text(e), wrap_text=False)
sys.exit(5)
_Display = Display
class MyDisplay(_Display):
name = 'getpass'
def prompt(self, prompt, private=True):
return getpass(prompt)
Display = MyDisplay
display = MyDisplay()
from ansible.parsing import vault
vault.display = display
cli = None
me = os.path.basename(sys.argv[0])
try:
display.v("starting run")
sub = None
target = me.split('-')
if target[-1][0].isdigit():
# Remove any version or python version info as downstreams
# sometimes add that
target = target[:-1]
if len(target) > 1:
sub = target[1]
myclass = "%sCLI" % sub.capitalize()
elif target[0] == 'ansible':
sub = 'adhoc'
myclass = 'AdHocCLI'
else:
raise AnsibleError("Unknown Ansible alias: %s" % me)
try:
mycli = getattr(__import__("ansible.cli.%s" % sub, fromlist=[myclass]), myclass)
except ImportError as e:
# ImportError members have changed in py3
if 'msg' in dir(e):
msg = e.msg
else:
msg = e.message
if msg.endswith(' %s' % sub):
raise AnsibleError("Ansible sub-program not implemented: %s" % me)
raise
mycli.display = display
try:
args = [to_text(a, errors='surrogate_or_strict') for a in sys.argv]
except UnicodeError:
display.error('Command line args are not in utf-8, unable to continue. Ansible currently only understands utf-8')
display.display(u"The full traceback was:\n\n%s" % to_text(traceback.format_exc()))
exit_code = 6
else:
cli = mycli(args)
cli.parse()
cli.display = display
# import pdb; pdb.set_trace()
exit_code = cli.run()
except AnsibleOptionsError as e:
cli.parser.print_help()
display.error(to_text(e), wrap_text=False)
exit_code = 5
except AnsibleParserError as e:
display.error(to_text(e), wrap_text=False)
exit_code = 4
# TQM takes care of these, but leaving comment to reserve the exit codes
# except AnsibleHostUnreachable as e:
# display.error(str(e))
# exit_code = 3
# except AnsibleHostFailed as e:
# display.error(str(e))
# exit_code = 2
except AnsibleError as e:
display.error(to_text(e), wrap_text=False)
exit_code = 1
except KeyboardInterrupt:
display.error("User interrupted execution")
exit_code = 99
except Exception as e:
if C.DEFAULT_DEBUG:
# Show raw stacktraces in debug mode, It also allow pdb to
# enter post mortem mode.
raise
have_cli_options = bool(context.CLIARGS)
display.error("Unexpected Exception, this is probably a bug: %s" % to_text(e), wrap_text=False)
if not have_cli_options or have_cli_options and context.CLIARGS['verbosity'] > 2:
log_only = False
if hasattr(e, 'orig_exc'):
display.vvv('\nexception type: %s' % to_text(type(e.orig_exc)))
why = to_text(e.orig_exc)
if to_text(e) != why:
display.vvv('\noriginal msg: %s' % why)
else:
display.display("to see the full traceback, use -vvv")
log_only = True
display.display(u"the full traceback was:\n\n%s" % to_text(traceback.format_exc()), log_only=log_only)
exit_code = 250
finally:
# Remove ansible tmpdir
shutil.rmtree(C.DEFAULT_LOCAL_TMP, True)
sys.exit(exit_code)
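Review bot: `ROLE=toxcore` on L298 is a Python statement, not a shell assignment — `toxcore` is an undefined name, so importing this module raises `NameError` before `LastResort` is even defined and none of the CLI code below ever runs. Either quote it, `ROLE = 'toxcore'`, or delete the line, since nothing in the file reads `ROLE`. The shebang on L268 selects `python2.sh` while the wrapper in this commit runs the file through `python$PYVER.sh` with `PYVER=3`; the `_PY_MIN` check on L301–L305 accepts both, but keeping the two in agreement avoids a different interpreter when the file is run directly.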


@ -0,0 +1,17 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
COMMAND=$1
shift
RARGS="--pw-stdin"
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
exec $PREFIX/bin/gridfire -H "keepassxc-cli.bash $tail" -- \
keepassxc-cli.bash $COMMAND $RARGS "$@"
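Review bot: `tail=\`echo $@ | sed ...\`` on L431 feeds the unquoted argument list through `echo`, so arguments are word-split and glob-expanded and a leading `-n`/`-e` is swallowed as an echo option; the same construct recurs at L446, L805, L839, L863, L898 and L913. Use `tail=$(printf '%s\n' "$*" | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/')` in each. The result only lands in the `-H` hint shown by gridfire, so the damage there is cosmetic, but `$COMMAND` on L433 is also unquoted and is what keepassxc-cli receives as its sub-command; write it as `"$COMMAND"`.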


@ -0,0 +1,20 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
LARGS="--bg"
LARGS=""
RARGS="--pw-stdin"
INFO $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
keepassxc $RARGS "$@"
exec $PREFIX/bin/gridfire -H "keepassxc $tail" $LARGS -- \
keepassxc $RARGS "$@"


@ -0,0 +1,58 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/bin/usr_local_tput.bash || exit 2
if [ "$#" -eq 0 ] ; then
echo USAGE: $0 [options]
cat << EOF
USAGE:
--password PASSWORD Database password.
--password-command PW_CMD
Password will be obtained from the output of this
command.
--keyfile KEYFILE Key file for unlocking database.
--pinentry PINENTRY Command used to run pinentry.
-c COMMAND, --command COMMAND
Command to execute. If command arguments contain
spaces, they must be enclosed in double quotes. With
this switch, kpsh will be started in non-interactive
mode. A list of available commands can be found by
running 'kpsh -c help':
{open,unlock,lock,db,ls,show,add,edit,delete,move,autotype,exit,echo,sleep,help}
open Change currently opened database.
unlock Unlock currently opened database.
lock Lock a database.
db Query opened database info.
ls List contents of database.
show Show contents of entry.
add Add a new entry if it doesn't exist yet.
edit Edit existing entry
delete Delete entry from database
move Move entry to the new path.
autotype Auto-type sequence of entry fields.
exit Exit shell.
echo Display a message.
sleep Sleep for a given number of seconds.
--prompt PROMPT Text used by shell for prompt.
-d, --daemon Start as a daemon listening on a socket given by
--socket-path
-s SOCKET_PATH, --socket-path SOCKET_PATH
Path to the socket which will be created in daemon
mode (default: /tmp/kpsh-$UID.sock).
USAGE: $0 -- kpsh-args
`basename $0` arguments go before the -- kpsh args go after
EOF
exit 1
fi
# FixMe: nonewline
exec $PREFIX/bin/gridfire -H "kpsh password on stdin" --stdin -- \
kpsh "$@"
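Review bot: The unquoted heredoc on L466–L503 expands `$UID` on L500 when the help is printed; under `#!/bin/sh` (dash) `UID` is normally unset, so the text shows `/tmp/kpsh-.sock` instead of the literal default. Escape it as `\$UID` — the `$0` and `` `basename $0` `` expansions on L501–L502 still work. `echo USAGE: $0 [options]` on L465 leaves `[options]` as an unquoted glob that matches any single-letter file `o`, `p`, `t`, `i`, `n` or `s` in the current directory; quote it, and the same applies at L532, L689, L825, L856 and L880.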


@ -0,0 +1,187 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/bin/gridfire.rc
COMMANDS=(
asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec
ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp
passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand rehash req
rsa rsautl s_client s_server s_time sess_id smime speed spkac srp
storeutl ts verify version x509 dgst enc
)
# for elt in ${COMMANDS[*]}; do echo INFO: openssl $elt;openssl $elt -help;done
usage () {
echo "USAGE: recognized commands are - ${PASSIN_COMMANDS[*]} ${PASSOUT_COMMANDS[*]} ${PASS_COMMANDS[*]}"
return 0
}
if [ "$#" -eq 0 ] || [ "$1" = '--help' ] || [ "$1" = '-h' ] ; then
echo USAGE: $0 command [options]
cat << EOF
Recognized commands:
-passin commands: -passin pass:stdin
ca \
-passin val Input file pass phrase source
cms
-pwri_password val (No additional info)
-passin val Input file pass phrase source
dgst
-passin val Input file pass phrase source
pkeyutl
-passin val Input file pass phrase source
rsautl
-passin val Input file pass phrase source
smime
-passin val Input file pass phrase source
spkac
-passin val Input file pass phrase source
storeutl
-passin val Input file pass phrase source
ts
-passin val Input file pass phrase source
x509
-passin val Private key password/pass-phrase source
dgst
-passin val Input file pass phrase source
-passout commands: -passout pass:stdin
gendsa
-passout val Output file pass phrase source
genrsa
-passout val Output file pass phrase source
-pass commands: -pass pass:stdin
enc
-pass val Passphrase source
genpkey
-pass val Output file pass phrase source
Options:
pass:stdin
pass:fd0
EOF
exit 1
fi
COMMAND=$1
# FixMe: make sure command is first
if [ $COMMAND = '-help' ] || [ $COMMAND = '--help' ] ; then
usage
echo "USAGE: all openssl commands are - ${COMMANDS[*]}"
exit 0
fi
if [ "${COMMAND:0:1}" = "-" ] ; then
echo "USAGE: command args - command must precede args"
usage
exit 1
fi
case $COMMAND in \
# PASSIN_COMMANDS=(
ca \
| cms \
| dgst \
| pkeyutl \
| rsautl \
| smime \
| spkac \
| storeutl \
| ts \
| x509 \
| dgst \
) # FixMe: check if already there
LARGS="-passin pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASSOUT_COMMANDS=(
gendsa \
| genrsa \
) # FixMe: check if already there
LARGS="-passout pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASS_COMMANDS=( \
enc \
| genpkey \
) # FixMe: check if already there
LARGS="-pass pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASSNOV_COMMANDS=( \
passwd \
| '-in infile Read passwords from file' \
| '-noverify Never verify when reading password from terminal' \
| '-stdin Read passwords from stdin' \
) # FixMe: check if already there
#? conflicts with -in?
LARGS=" -noverify -stdin"
bash $PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;;
# PASSINOUT_COMMANDS=( \
pkcs8 \
| '-passin val Input file pass phrase source' \
| '-passout val Output file pass phrase source' \
| pkey \
| '-passin val Input file pass phrase source' \
| '-passout val Output file pass phrase source' \
| rsa \
| '-passout val Output file pass phrase source' \
| '-passin val Input file pass phrase source' \
| srp \
| '-passin val Input file pass phrase source' \
| '-passout val Output file pass phrase source' \
) # FixMe: check if already there
# FixMe: fd:
LARGS="--passin"
passin=`sh $PREFIX/bin/gridfire -H "openssl $LARGS" `
LARGS="-passin pass:$passin -passout pass:stdin"
bash $PREFIX/bin/gridfire -H "openssl -passout pass:stdin" -- openssl $LARGS "$@" || exit $?
esac
exit 0
# PASSDPASS_COMMANDS=( \
s_server \
# -pass val Private key file pass phrase source \
# -dpass val Second private key file pass phrase source \
) # FixMe: check if already there
# FixMe: fd:
pass=`sh $PREFIX/bin/gridfire.bash`
LARGS="-pass pass:$pass -dpass pass:stdin"
bash $PREFIX/bin/gridfire -- openssl $LARGS "$@" || exit $?
;; # PASSKPASS_COMMANDS=( \
enc \
# -pass val Passphrase source \
# -kfile infile Read passphrase from file \
) # FixMe: check if already there
# FixMe: fd:
#?pass=`sh $PREFIX/bin/gridfire.bash`
#?LARGS="-pass pass:$pass -dpass pass:stdin"
LARGS="-pass pass:stdin"
$PREFIX/bin/gridfire -H "openssl $LARGS" -- openssl $LARGS "$@" || exit $?
;; # PASSINOUTWORD_COMMANDS=( \ \
pkcs12 \
# -twopass Separate MAC, encryption passwords \
# -passin val Input file pass phrase source \
# -passout val Output file pass phrase source \
# -password val Set import/export password source \
) # FixMe: check if already there
# FixMe: pass: prefix
$PREFIX/bin/gridfire -H "-passin pass:" --single "passin" -- sh $PREFIX/bin/gridfire -H "-passout stdin" -- openssl "$@" || exit $?
esac
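Review bot: The pkcs8/pkey/rsa/srp arm puts the passphrase captured on L644 straight onto the openssl command line, `LARGS="-passin pass:$passin -passout pass:stdin"` on L645–L646, where every local user can read it from `ps`/`/proc/*/cmdline` for as long as openssl runs, and the unquoted `$LARGS` splits a passphrase containing spaces into several arguments; the `# FixMe: fd:` on L642 names the right fix — hand it over on a descriptor (`-passin fd:3` with the secret written to fd 3) or via `file:` on a `mktemp` path. Separately, everything after `exit 0` on L648 is unreachable and not parseable as written: the bare `)` on L653, the `;;` on L658/L668 and the second `esac` on L677 sit outside any `case`, so the s_server, enc and pkcs12 arms are never handled; move them inside the `case` above or delete them. `usage` on L527–L530 prints `${PASSIN_COMMANDS[*]}` and friends, which exist only in the comments on L588/L604/L611 and therefore expand to nothing.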


@ -0,0 +1,27 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/bin/usr_local_tput.bash || exit 2
if [ "$#" -eq 0 ] ; then
echo USAGE: $0 [options]
cat << EOF
usage: secret-tool store --label='label' attribute value ...
secret-tool lookup attribute value ...
secret-tool clear attribute value ...
secret-tool search [--all] [--unlock] attribute value ...
USAGE: $0 -- secret-tool-args
`basename $0` arguments go before the -- secret-tool args go after
EOF
exit 1
fi
# FixMe: nonewline
exec $PREFIX/bin/gridfire -H "secret-tool password on stdin" --stdin -- \
secret-tool "$@"


@ -0,0 +1,11 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
#? --pinentry-mode loopback
exec $PREFIX/bin/gridfire -H "staticgpg --passphrase-fd 0" -- \
staticgpg --passphrase-fd 0 "$@"
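Review bot: If `staticgpg` is a GnuPG 2.1 or later build, `--passphrase-fd 0` on L714 is ignored unless `--pinentry-mode loopback` is also given (and the agent allows loopback), in which case gpg falls back to its own pinentry and the password gridfire wrote to stdin is never read; the commented `#? --pinentry-mode loopback` on L712 suggests this was already observed. Either add the option to the `exec` line or say in that comment why it is left out. `prog` on L709 is assigned but never used.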


@ -0,0 +1,104 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
PYVER=3
EXE=/var/local/bin/tomb.bash
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
# python3 -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"
# ~/.local/share/python_keyring
# what goes on stdin - the passwd to the keyfile with the keyfile as an arg?
# or open the keyfile?
# passwd from gridfire or from keepass
usage() {
echo "Syntax: tomb [options] command [arguments]"
echo
echo " // Creation:"
echo " dig create a new empty TOMB file of size -s in MiB"
echo " forge create a new KEY file and set its password"
echo " lock installs a lock on a TOMB to use it with KEY"
echo
echo " // Operations on tombs:"
echo " open open an existing TOMB (-k KEY file or - for stdin)"
echo " index update the search indexes of tombs"
echo " search looks for filenames matching text patterns"
echo " list list of open TOMBs and information on them"
echo " ps list of running processes inside open TOMBs"
echo " close close a specific TOMB (or 'all')"
echo " slam slam a TOMB killing all programs using it"
[[ $RESIZER == 1 ]] && {
echo " resize resize a TOMB to a new size -s (can only grow)"
}
echo
echo " // Operations on keys:"
echo " passwd change the password of a KEY (needs old pass)"
echo " setkey change the KEY locking a TOMB (needs old key and pass)"
echo
[[ $QRENCODE == 1 ]] && {
echo " // Backup on paper:"
echo " engrave makes a QR code of a KEY to be saved on paper"
echo
}
[[ $STEGHIDE == 1 || $CLOAKIFY == 1 || $DECLOAKIFY == 1 ]] && {
echo " // Steganography:"
[[ $STEGHIDE == 1 ]] && {
echo " bury hide a KEY inside a JPEG image (for use with -k)"
echo " exhume extract a KEY from a JPEG image (prints to stdout)"
}
[[ $CLOAKIFY == 1 ]] && {
echo " cloak transform a KEY into TEXT using CIPHER (for use with -k)"
}
[[ $DECLOAKIFY == 1 ]] && {
echo " uncloak extract a KEY from a TEXT using CIPHER (prints to stdout)"
}
echo
}
echo "Options:"
echo
echo " -s size of the tomb file when creating/resizing one (in MiB)"
echo " -k path to the key to be used ('-k -' to read from stdin)"
echo " -n don't launch the execution hooks found in tomb"
echo " -p preserve the ownership of all files in tomb"
echo " -o options passed to commands: open, lock, forge (see man)"
echo " -f force operation (i.e. even if swap is active)"
echo " -g use a GnuPG key to encrypt a tomb key"
echo " -r provide GnuPG recipients (separated by comma)"
echo " -R provide GnuPG hidden recipients (separated by comma)"
[[ $SPHINX == 1 ]] && {
echo " --sphx-user user associated with the key (for use with pitchforkedsphinx)"
echo " --sphx-host host associated with the key (for use with pitchforkedsphinx)"
}
[[ $KDF == 1 ]] && {
echo " --kdf forge keys armored against dictionary attacks"
}
echo
echo " -q run quietly without printing informations"
echo " -D print debugging information at runtime"
}
# FixMe: make sure command is first
if [ "$#" -eq 0 ] || [ "$1" = '--help' -o "$1" = 'help' ] ; then
# usage
# exit 0
:
fi
LARGS="-H \"tomb $tail\""
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
if [[ "$*" =~ "-- " ]];then
RARGS=`echo $*|sed -e "s/-- /-- $EXE/"`
exec $PREFIX/bin/gridfire $LARGS $RARGS
else
exec $PREFIX/bin/gridfire $LARGS -- $EXE "$@"
fi
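Review bot: L804 builds `LARGS="-H \"tomb $tail\""` one line before `tail` is assigned on L805, so the hint is always `tomb ` with nothing after it; and because the escaped quotes survive the unquoted `$LARGS` expansion on L808/L810 as literal characters, gridfire receives `-H`, `"tomb` and `"` as three separate arguments rather than one hint. Assign `tail` first and keep the hint in an array. The sed on L807, `"s/-- /-- $EXE/"`, interpolates `/var/local/bin/tomb.bash` into a `/`-delimited substitution, so sed rejects it with `unknown option to s` and `RARGS` ends up empty; use another delimiter. The `$*` round trip in that branch still re-splits arguments containing spaces, so the `--` case is better handled with an array too.
```shell
tail=$(printf '%s\n' "$*" | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/')
LARGS=(-H "tomb $tail")
if [[ "$*" =~ "-- " ]];then
  RARGS=$(printf '%s\n' "$*" | sed -e "s|-- |-- $EXE|")
  exec $PREFIX/bin/gridfire "${LARGS[@]}" $RARGS
else
  exec $PREFIX/bin/gridfire "${LARGS[@]}" -- $EXE "$@"
fi
```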


@ -0,0 +1,32 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
usage () {
echo USAGE: $0 [options]
cat << EOF
USAGE: $0 [--arg password ] -- truecrypt-args
`basename $0` arguments go before the -- truecrypt args go after
MINIMUM of 2 args for truecrypt
EOF
exit 1
}
if [ "$#" -eq 0 ] ; then
usage
fi
if [ "$#" -lt 2 ] ; then
usage
fi
tail=`sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/' <<< $@`
RARGS="--non-interactive"
exec $PREFIX/bin/gridfire --double password -E -B -H "truecrypt-console $tail" -- \
$PREFIX/bin/truecrypt-console.bash $RARGS "$@"
# FixMe: --new-password=<str> New password


@ -0,0 +1,25 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/gridfire.rc
if [ "$#" -eq 0 ] ; then
echo USAGE: $0 [options]
cat << EOF
USAGE: $0 [--arg password ] -- truecrypt-args
`basename $0` arguments go before the -- truecrypt args go after
EOF
exit 1
fi
tail=`sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/' <<< $@`
exec $PREFIX/bin/gridfire -E --double password -H "truecrypt $tail" -- \
$PREFIX/bin/truecrypt.bash "$@"
# FixMe: --new-password=<str> New password


@ -0,0 +1,36 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
usage () {
echo USAGE: $0 [options]
cat << EOF
USAGE: $0 [--arg password ] -- veracrypt-args
`basename $0` arguments go before the -- veracrypt args go after
MINIMUM of 2 args for veracrypt
EOF
exit 1
}
if [ "$#" -eq 0 ] ; then
usage
fi
if [ "$#" -lt 2 ] ; then
usage
fi
RARGS=""
[[ "$*" =~ "--stdin" ]] || LARGS="--stdin $LARGS"
#no [[ "$*" =~ "--create" ]] && LARGS="--repeat $LARGS"
#no [[ "$*" =~ "--new-password=" ]] && LARGS="--repeat $LARGS"
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
$PREFIX/bin/gridfire $LARGS -H "veracrypt-console $tail" -- \
$PREFIX/bin/veracrypt-console.bash $RARGS "$@"
# FixMe: --new-password=<str> New password
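Review bot: L895 adds `--stdin` to `LARGS`, which L899 passes to gridfire, while the veracrypt sibling on L915 adds the same flag to `RARGS` and hands it to veracrypt; gridfire takes a `--stdin` option (L507, L701) and veracrypt-console appears to as well, so only one of the two wrappers can be right, and since the test on L895 inspects the veracrypt arguments in `$*` the flag presumably belongs on the veracrypt side here too. `LARGS` is never initialised before it is read on L895, `RARGS=""` on L894 is never extended, and L899 lacks the `exec` every other wrapper in this commit uses, so a parent shell lingers around gridfire for no reason.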


@ -0,0 +1,17 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/gridfire.rc
tail=`echo $@ | sed -e 's/.* \([^ ]*\) \([^ ]*\)/\1 \2/'`
RARGS=""
[[ "$*" =~ "--stdin" ]] || RARGS="--stdin $RARGS"
exec $PREFIX/bin/gridfire -H "veracrypt $tail" -- \
$PREFIX/bin/veracrypt.bash $RARGS "$@"
# FixMe: --new-password=<str> New password


@ -0,0 +1,15 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f $PREFIX/bin/gridfire.rc ] && . $PREFIX/bin/gridfire.rc
[ -e /run ] || exit 1
cd $PREFIX/src/gridfire || exit 3
export PYTHONPATH=$PREFIX/src/gridfire/pyassuan:$PREFIX/src/gridfire:$PWD
exec $PREFIX/bin/python3.sh bin/pinentry_gridfire.py "$@"


@ -1,36 +1,52 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# on stdout - messages on stderr
# retval on stdout - messages on stderr
. /usr/local/bin/usr_local_tput.bash
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
base=AnsI
AnsI=AnsI
# quiet
[ "$#" -eq 0 ] && exit 1
VARIABLE=$1
shift
[ "$#" -eq 0 ] && base=`hostname` || base=$1
[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
[ -n "$PLAY_ANSIBLE_SRC" ] || PLAY_ANSIBLE_SRC=$BASE_ANSIBLE_SRC
[ -z "$PLAY_ANSIBLE_SRC" ] && ERROR export "PLAY_ANSIBLE_SRC" >&2 && exit 3
[ ! -d "$PLAY_ANSIBLE_SRC" ] && ERROR ! -d "PLAY_ANSIBLE_SRC" >&2 && exit 4
[ ! -f "$PLAY_ANSIBLE_SRC"/hosts.yml ] && ERROR ! -f "PLAY_ANSIBLE_SRC"/hosts.yml >&2 && exit 4
name=`hostname`
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then
base=$name
ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$TESTFORGE_ANSIBLE_SRC \
DBUG ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$PLAY_ANSIBLE_SRC \
--host=$base >&2
ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$PLAY_ANSIBLE_SRC \
--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then
retval=$?
if [ $retval -eq 0 ] ; then
[ ! -s /tmp/${AnsI}$$.json ] && ERROR empty /tmp/${AnsI}$$.json >&2 && exit 4
#!? export
VALUE=`jq .$VARIABLE </tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
# [ -n "$DEBUG" ] && echo >&2 "DEBUG: $prog base=$base VALUE=$VALUE"
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
VALUE=`jq .$VARIABLE < /tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo 2>/tmp/${AnsI}$$.err`
jretval=$?
if [ $jretval -eq 0 ] ; then
[ -n "$DEBUG" ] && DBUG "$prog base=$base VALUE=$VALUE" >&2
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
else
WARN $VARIABLE jretval=$jretval /tmp/${AnsI}$$.err >&2
exit 7$retval
fi
else
ERROR $VARIABLE retval=$retval /tmp/${AnsI}$$.json /tmp/${AnsI}$$.err >&2
cat /tmp/${AnsI}$$.err >&2
exit 8
fi
rm -f /tmp/${AnsI}$$.json
fi
# rm -f /tmp/${AnsI}$$.json
exit 0
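Review bot: The new code writes the inventory to `/tmp/${AnsI}$$.json` and `/tmp/${AnsI}$$.err` (L968, L978), names any local user can predict from the PID, and L968 uses `>>`, so a pre-existing or pre-planted file is appended to rather than replaced and its contents are handed to `jq` as the value. Create both with `mktemp` and remove them on every exit path with a `trap`; today the `rm -f` on L993 runs only on the success branch and never touches the `.err` file. `jretval=$?` on L979 is the status of `xargs echo`, the last stage of the pipeline, not of `jq`, and the `2>/tmp/...err` on L978 likewise captures only `xargs` stderr, so a jq failure is neither detected nor logged. `jq .$VARIABLE` on L978 also interpolates the first argument into the jq program unquoted; `jq --arg k "$VARIABLE" '.[$k]'` keeps it a plain key lookup.
```shell
json=$(mktemp) || exit 5
err=$(mktemp) || exit 5
trap 'rm -f -- "$json" "$err"' EXIT
# … unchanged: DBUG ansible-inventory … >&2 …
ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
  --playbook-dir=$PLAY_ANSIBLE_SRC \
  --host=$base > "$json" 2> "$err"
retval=$?
# … unchanged: retval branches, with /tmp/${AnsI}$$.json read as "$json" and .err as "$err" …
```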


@ -1,68 +1,3 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher
# https://code.google.com/p/chromium/issues/detail?id=58831
DIR=testssl.sh
GITHUB_USER=drwetter
GITHUB_DIR=$DIR
. $PREFIX/src/var_local_src.bash
BINS=testssl
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
[ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR
for elt in $BINS ; do
file=$PREFIX/bin/$elt.bash
if [ ! -f $file ] ; then
cat > $file << EOF
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
cd $PREFIX/src/$DIR
exec bash testssl.sh "\$@"
EOF
chmod +x $PREFIX/bin/testssl.bash
fi
done
exit 0
elif [ $1 = 'check' ] ; then # 1*
ols_test_bins && exit 0 || exit 1$?
elif [ $1 = 'lint' ] ; then # 2*
/var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
for bin in $BINS ; do
$PREFIX/bin/$bin.bash --help >/dev/null || exit 3$?
done
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
#error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream
#error: 1970 bytes of body are still expected
#fetch-pack: unexpected disconnect while reading sideband packet
#fatal: early EOF
#fatal: fetch-pack: invalid index-pack output
fi
# wget -P https://testssl.sh/testssl.sh
exit 0
cd /usr/local/src/testssl.sh || exit 1
exec bash testssl.sh "$@"


@ -36,8 +36,6 @@ warns=0
WLOG="$TOXCORE_LOG_DIR"/$ly/W$prog$$.log
ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR
[ -d /usr/local/share/doc ] || mkdir -p /usr/local/share/doc
[ -d /var/local/share/doc/txt ] && [ ! -d /usr/local/share/doc/txt ] && \
mv /var/local/share/doc/txt /usr/local/share/doc/txt && \
@ -130,7 +128,6 @@ warns=`grep -c WARN: "$WLOG"`
fi
[ $warns -eq 0 -a $errs -eq 0 ] && \
ols_clean_testforge_logs $TOXCORE_LOG_DIR && \
INFO "No $ly errors in $TOXCORE_LOG_DIR"
exit 0


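--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,39 @@
+#!/bin/sh
+# -*- mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+ROLE=toxcore
+prog=$(basename $0 .bash)
+KEY=0x066DAFCB81E42C40
+TIMEO=15
+WARGS="-v -S --dns-timeout $TIMEO --connect-timeout $TIMEO --read-timeout $TIMEO"
+. /usr/local/bin/proxy_export.bash
+if [ is = dead ] ; then
+# URL="http://hkps.pool.sks-keyservers.net:80/pks/lookup?op=get&options=mr&search=$KEY"
+URL="http://pgp.mit.edu:80/pks/lookup?op=get&options=mr&search=$KEY"
+DBUG wget $URL
+wget $WARGS -o /tmp/2$$.log -O /tmp/2$$.html $URL || {
+ERROR retval=$? ; cat /tmp/2$$.log; exit 2 ;
+}
+grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/2$$.html || exit 210
+grep -q 'HTTP/1.1 200 OK' /tmp/2$$.log || exit 220
+fi
+URL="http://keyserver.ubuntu.com:80/pks/lookup?op=get&options=mr&search=$KEY"
+DBUG wget $URL
+wget $WARGS -o /tmp/3$$.log -O /tmp/3$$.html $URL || {
+ERROR retval=$? /tmp/3$$.log
+exit 3
+}
+grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html || {
+ERROR '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html
+exit 310
+}
+grep -q 'HTTP/1.1 200 OK' /tmp/3$$.log || {
+ERROR NO 'HTTP/1.1 200 OK' /tmp/3$$.log
+exit 320
+}
+exit 0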
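Review bot: Nothing in this script ties the downloaded block to `KEY`: the fetch goes over plain HTTP (`http://keyserver.ubuntu.com:80/...`) and the only checks are an armor-header grep and a `200 OK` grep, so an on-path party or the keyserver itself can return a different key and the script still exits 0. Verify the fingerprint of what was fetched before anything imports it, e.g. `gpg --with-colons --import-options show-only --import /tmp/3$$.html | grep -q "^fpr:.*066DAFCB81E42C40:" || exit 330`, and prefer the keyserver's HTTPS endpoint where the proxy setup allows it. The output paths `/tmp/3$$.log` and `/tmp/3$$.html` are predictable names in a shared, world-writable directory and are never removed; use `mktemp` and delete them from an `EXIT` trap. The `if [ is = dead ]` block compares two literals and is always false, presumably a disabled fallback; a one-line comment saying so would spare the next reader the puzzle.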


@ -12,6 +12,9 @@ PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] || \
. /usr/local/etc/testforge/testforge.bash
. /usr/local/bin/usr_local_tput.bash
TOXCORE_LOG_DIR=$PREFIX/var/log
[ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR
@ -29,10 +32,11 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR
[ -d "$TOXCORE_LOG_DIR"/$ly/ ] && \
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log \
-o -name E${prog}*.log -mtime +1 -delete
if [ -d /etc/libvirt/qemu ] ; then
if [ -d /etc/libvirt/qemu ] && [ $MYID -eq 0 ] ; then
elt=qemu
DBUG elt=$elt
[ -d /var/lib/libvirt/dnsmasq/ ] && \
@ -43,8 +47,8 @@ if [ -d /etc/libvirt/qemu ] ; then
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
if ls /var/log/libvirt/qemu/*.log 2>/dev/null >/dev/null ; then
grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
fi
fi
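Review bot: `[ $MYID -eq 0 ]` on the new line of the second hunk has no visible assignment to `MYID` in this section; if it is unset the test collapses to `[ -eq 0 ]`, which `sh` reports as a usage error (non-zero), so the libvirt block is skipped with noise on stderr rather than by an actual privilege check. Default it or quote it — `[ "${MYID:-}" = 0 ]` — or set `MYID=$(id -u)` locally if nothing sourced above provides it. In the third hunk the pattern `^$(date +%Y-%m).*warning` is still unquoted, so the `*` is subject to globbing before grep sees it; `grep "^$(date +%Y-%m).*warning" /var/log/libvirt/qemu/*.log` keeps the intent. The first hunk's `[ -f … ] || . …` sources testforge.bash only when the file is absent, the reverse of the `&&` form used by the sibling scripts in this commit; if that line is touched here it should be `&&`.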


@ -5,12 +5,13 @@
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=3
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || exit 2
[ -f . /usr/local/etc/testforge/testforge.bash ] && \
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -z "$PYVER" ] && PYVER=3
@ -23,7 +24,7 @@ P="BASE_PYTHON${PYVER}_MINOR"
declare -a LARGS
LARGS=( --recursive y --verbose --py-version "$PYTHON_MINOR" --output-format colorized )
[ -f $RCFILE ] || exit 2
[ -f $RCFILE ] || exit 3
LARGS+=( --rcfile $RCFILE )
export PYTHONPATH=$PWD
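Review bot: `[ -z "$PYVER" ] && PYVER=3` at the end of the first hunk has no effect once `[ -n "$PYVER" ] || PYVER=3` earlier in the same hunk has run, so one of the two should go; the earlier one is the better home because `PYTHON_EXE_MSYS` is derived from it. The executable check `[ -x "$PYTHON_EXE_MSYS" ] || exit 2` runs before `testforge.bash` is sourced, so any `PREFIX`/`PYVER` that file provides cannot influence it — if that file is expected to set them, move the check below the source line. The `exit 3` on the rcfile test usefully separates the two failure modes; a stderr message next to each lets callers tell them apart without reading the script, e.g. `[ -f "$RCFILE" ] || { echo "missing $RCFILE" >&2; exit 3; }`.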


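--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -9,7 +9,7 @@ RCFILE=/usr/local/etc/testforge/pylint.rc
 [ -n "$PREFIX" ] || PREFIX=/usr/local
 [ -n "$PYVER" ] || PYVER=2
 [ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
-[ -x "$PYTHON_EXE_MSYS" ] || return 2
+[ -x "$PYTHON_EXE_MSYS" ] || exit 2
 export PYVER
 export PREFIX
 export PYTHON_EXE_MSYS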
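Review bot: The default `PYTHON_EXE_MSYS=python$PYVER.sh` on the line above the changed one is a bare filename, so `[ -x "$PYTHON_EXE_MSYS" ]` tests a file in the current directory rather than a command on PATH, and with the new `exit 2` the script now terminates whenever it is invoked from anywhere else. The PYVER=3 sibling in this commit moved its default to `$PREFIX/bin/python$PYVER.sh`; this file should match it: `[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh`. If the file is also meant to be sourced, `exit` will close the caller's shell, which is presumably why `return` was there; a short comment on the intended invocation would settle that for the next maintainer.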


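--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,11 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+[ -f /usr/local/etc/testforge/testforge.bash ] && \
+. /usr/local/etc/testforge/testforge.bash
+ROLE=toxcore
+export PYVER=2
+exec toxcore_run_doctest.bash "$@"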
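Review bot: `prog`, `PREFIX` and `ROLE` are assigned but never exported before the `exec`, so they do not reach `toxcore_run_doctest.bash` — only `PYVER` does; unless `testforge.bash` reads them while being sourced on the line above, the three assignments are dead and should either be exported or dropped. The same applies to the identical PYVER=3 wrapper in the next file section. The `basename $0 .bash` substitution should quote its argument, `prog=$(basename "$0" .bash)`, so a path with spaces does not split.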


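--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,11 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+[ -f /usr/local/etc/testforge/testforge.bash ] && \
+. /usr/local/etc/testforge/testforge.bash
+ROLE=toxcore
+export PYVER=3
+exec toxcore_run_doctest.bash "$@"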


@ -0,0 +1,529 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/proxy_curl_lib.bash
[ -z "$TIMEOUT" ] && TIMEOUT=40
TIMEOUT3=`expr 3 \* $TIMEOUT`
SSLSCAN_ARGS="-4 --show-certificate --bugs --timeout $TIMEOUT"
[ $SSL_VER = 3 ] && SSLSCAN_ARGS="$SSLSCAN_ARGS --tls13" || \
SSLSCAN_ARGS="$SSLSCAN_ARGS --tls12"
# -cipher 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' -debug
# no timeout -no_tls1_1 -no_tls1_2
OPENSSL_ARGS="-4 -showcerts -bugs -status -state -no_ign_eof"
[ $SSL_VER = 3 ] && OPENSSL_ARGS="$OPENSSL_ARGS -tls1_3" || \
OPENSSL_ARGS="$OPENSSL_ARGS -tls1_2"
# --no-colour ?--show-certificate ?--show-client-cas ?--show-ciphers ?--tlsall
TESTSSL_ARGS="-4 --server-defaults --protocols --grease --server-preference --heartbleed --ccs-injection --renegotiation --breach --tls-fallback --drown --assume-http --connect-timeout $TIMEOUT3 --openssl-timeout $TIMEOUT3 --standard --vulnerable --ssl-native --phone-out --nodns none"
ANALYZE_ARGS="--timeout $TIMEOUT --all-ciphers --verbose"
NMAP_ARGS="--script ssl-enum-ciphers -v --script-trace"
# no --cert-status -> ocsp
CURL_ARGS="--silent -vvv --head --connect-timeout $TIMEOUT"
CURL_HTTP_ARGS="$CURL_ARGS --fail --location --http2 --proto-redir https --proto-default https --proto =https"
# [ -d /usr/local/share/ca-certificates/mozilla ] && \
# CURL_ARGS="$CURL_ARGS --capath usr/local/share/ca-certificates/mozilla"
[ $SSL_VER = 3 ] && CURL_ARGS="$CURL_ARGS --tlsv1.3" || \
CURL_ARGS="$CURL_ARGS --tlsv1.2"
NOW=`date +%s`
DATE () {
local elt=$1
shift
# DEBUG=1
$elt $( expr `date +%s` - $NOW )s $*
return 0
}
ssltest_proxies () {
PROXY_SCHEME=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 1 -d ' '`
PROXY_HOST=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 2 -d ' '`
PROXY_PORT=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 3 -d ' '`
# SocksPolicy Accept in /etc/tor/torrc - required and works with sslscan
TESTSSL_ENVS="env MAX_OSSL_FAIL=10 DNS_VIA_PROXY=true PROXY_WAIT=$TIMEOUT"
if [ -n "$SSLTEST_HTTP_PROXY" ] ; then
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
elif [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
# WTF HTTP CONNECT failed: 502 Bad Gateway (tor protocol violation)
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
fi
# Make sure a firewall is not between you and your scanning target!
# `sed -e 's@.*/@@' <<< $SSLTEST_HTTPS_PROXY`
# timesout 3x
# TESTSSL_ARGS="$TESTSSL_ARGS --proxy=auto"
# use torsocks instead of
# ANALYZE_ARGS="ANALYZE_ARGS --starttls http_proxy:${PROXY_HOST}:$PROXY_PORT"
CURL_ARGS="$CURL_ARGS -x socks5h://${SOCKS_HOST}:$SOCKS_PORT"
#? NMAP_ARGS="$NMAP_ARGS -x socks4://${SOCKS_HOST}:$SOCKS_PORT"
# no proxy args and no _proxy strings
SSLSCAN_ENVS="$TORSOCKS "
ANALYZE_ENVS="$TORSOCKS "
# proxy timesout
TESTSSL_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP $TESTSSL_ENVS"
NMAP_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP "
CURL_ENVS=" "
return 0
}
ssltest_nmap () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=nmap
DATE DBUG $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" $eltfile
INFO $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" >> $eltfile
$NMAP_ENVS $exe $NMAP_ELTS $site >> $eltfile 2>&1
retval=$?
if grep -q '(1 host up)' $eltfile ; then
if grep -q TLS_AKE_WITH_AES_256_GCM_SHA384 $eltfile ; then
INFO "$elt TLS_AKE_WITH_AES_256_GCM_SHA384 = $eltfile" | tee -a $eltfile
else
INFO "$elt CA=$cacert = $eltfile" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
ERROR "$elt retval=$retval timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
else
WARN $elt "NO '(1 host up)' in" $eltfile
fi
return 0
}
## ssltest_nmap
## no good for 1.3
ssltest_sslscan () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=sslscan
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" $eltfile
INFO "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" >> $eltfile
$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# ECDHE-RSA-AES256-SHA pop.zoho.eu tls1.2
if [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ERROR $eltfile ; then
ERROR "$elt ERROR CA=$cacert = $eltfile" | tee -a $eltfile
retval=-1
elif grep EROR: $eltfile ; then
ERROR "$elt EROR: CA=$cacert = $eltfile" | tee -a $eltfile
retval=-2
elif grep "Certificate information cannot be retrieved." $eltfile ; then
WARN "$elt 'Certificate information cannot be retrieved' = $eltfile" | tee -a $eltfile
elif grep "TLSv1.$SSL_VER.*disabled" $eltfile ; then
ERROR "$elt TLSv1.$SSL_VER disabled = $eltfile" | tee -a $eltfile
retval=-3
elif ! grep '^\(Subject\|Altnames\).*'"$site" $eltfile ; then
# *.zoho.eu
WARN "$elt not 'Subject\|Altnames' = $eltfile" | tee -a $eltfile