authorSam Chudnick <sam@chudnick.com>2022-07-04 12:24:59 -0400
committerSam Chudnick <sam@chudnick.com>2022-07-04 12:24:59 -0400
commit755d7f5f94b720b028d085cf971c5935c130dec1 (patch)
treef015e8929563e5302d2ba8e2ee7215d1231debdd /client
parent11a4a5edb9f0e22fe8355291942ed03c9765ced5 (diff)
Implemented TLS encrypted connections
Implemented TLS encrypted connections. Added command line argument and configuration file option to accept invalid (self-signed) certificates. Fixed a couple of unrelated issues.
Diffstat (limited to 'client')
-rwxr-xr-xclient/client.py32
1 files changed, 24 insertions, 8 deletions
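diff --git a/client/client.py b/client/client.py
index 70d85a0..cc22d0b 100755
--- a/client/client.py
+++ b/client/client.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 
 import socket
+import ssl
 import time
 import argparse
 import sys
@@ -25,6 +26,8 @@ def parse_arguments():
     parser.add_argument("--config",type=str,help="Path to config file",\
             default="/etc/mfa/mfa.conf")
     parser.add_argument("--key",type=str,help="Client connection key")
+    parser.add_argument("--insecure",action="store_true",\
+            help="Accept invalid TLS certificates")
     return parser.parse_args()
 
 def prompt_user(prompt):
@@ -34,7 +37,7 @@ def prompt_user(prompt):
     return result
 
 
-def init_connection(mfa_server, client_port, client_key):
+def init_connection(mfa_server, client_port, client_key, insecure=False):
     # Attempts to connect to MFA server with provided address,port, and key.
     # Repeats attempt once a seconds until timeout is reached.
     # Returns socket or None if unable to connect
@@ -42,9 +45,16 @@ def init_connection(mfa_server, client_port, client_key):
     timeout = 0
     timeout_length = 5
     sleep_length = 1
+    context = ssl.create_default_context()
+    if insecure:
+        context.check_hostname = False
+        context.verify_mode = 0
     while connection == None and timeout < timeout_length:
         try:
-            connection = socket.create_connection((mfa_server,client_port))
+            #connection = socket.create_connection((mfa_server,client_port))
+            connection = context.wrap_socket(socket.socket(socket.AF_INET),
+                    server_hostname=mfa_server)
+            connection.connect((mfa_server,int(client_port)))
             connection.send(client_key.encode(FORMAT))
             response = connection.recv(ACK_LENGTH).decode(FORMAT)
             if response == ACK_MESSAGE:
@@ -55,6 +65,8 @@ def init_connection(mfa_server, client_port, client_key):
         except ConnectionError:
             time.sleep(sleep_length)
             timeout += sleep_length
+        except ssl.SSLCertVerificationError:
+            die("error: server presented invalid certificate")
     return connection
 
 
@@ -72,27 +84,31 @@ def get_vars(args,confparser):
     server = None
     port = None
     key = None
+    insecure = None
 
     # Set values from config file first
     if confparser.has_section("client"):
         server = confparser.get("client","server",fallback=None)
         port = confparser.get("client","port",fallback=None)
         key = confparser.get("client","key",fallback=None)
+        insecure = bool(confparser.get("client","insecure",fallback=False))
 
     # Let command line args overwrite any values
-    if args.server:
+    if args.server != None:
         server = args.server
-    if args.port:
+    if args.port != None:
         port = args.port
-    if args.key:
+    if args.key != None:
         key = args.key
+    if args.insecure:
+        insecure = args.insecure
 
     # Exit if any value is null
     if None in [server,port,key]:
         print("error: one or more items unspecified")
         sys.exit(1)
 
-    return server,port,key
+    return server,port,key,insecure
 
 
 def main():
@@ -100,7 +116,7 @@ def main():
     args = parse_arguments()
     confparser = read_config(args.config)
 
-    mfa_server,client_port,client_key = get_vars(args,confparser)
+    mfa_server,client_port,client_key,insecure = get_vars(args,confparser)
 
     # Exit if invalid key is provided
     if len(client_key) != KEY_LENGTH:
@@ -108,7 +124,7 @@ def main():
         sys.exit(1)
 
     # Open connection to server
-    conn = init_connection(mfa_server,client_port,client_key)
+    conn = init_connection(mfa_server,client_port,client_key,insecure)
     if conn == None:
         print("timed out attempting to connect to server")
         sys.exit(1)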
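Review bot: `insecure = bool(confparser.get("client","insecure",fallback=False))` in get_vars turns any non-empty config value, including `insecure = false` or `insecure = 0`, into True, so a user who writes the option down to explicitly keep verification on instead gets certificate checks switched off; use `insecure = confparser.getboolean("client","insecure",fallback=False)`, which parses yes/no/true/false/1/0 and rejects anything else. In init_connection, `connection` is now assigned the wrapped socket before `connect()` runs, so a refused connection leaves `connection` non-None: the `while connection == None` loop stops after the first failed attempt, the retry/timeout logic no longer applies, and main's `conn == None` check passes an unconnected socket through, whereas the old `socket.create_connection` call only assigned on success. Keep the socket in a local, assign `connection` only after `connect()` succeeds, and close it on failure, as below. On the verify_mode line `ssl.CERT_NONE` reads better than the bare `0`, and `die` is not visible in this diff, so I assume it is defined elsewhere in the file. An `ssl.SSLError` other than the certificate-verification case (a handshake or protocol failure) is not a ConnectionError and will propagate out of the loop uncaught; the rest of the try body lies outside this hunk.
```python
        try:
            sock = context.wrap_socket(socket.socket(socket.AF_INET),
                    server_hostname=mfa_server)
            try:
                sock.connect((mfa_server,int(client_port)))
            except (ConnectionError, ssl.SSLError):
                sock.close()
                raise
            connection = sock
            # … unchanged: key send / ACK receive …
```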