From 46af0d52aae7590866741222cd8ac5b75f242508 Mon Sep 17 00:00:00 2001
From: mantaohuang
Date: Fri, 3 Apr 2020 17:45:05 -0400
Subject: [PATCH] start openvpn using subprocess_exec instead of shell
---
 openvpn.py | 9 +++---
 session0/cfg.txt | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
 session0/log.txt | 34 ++++++++++++++++++++
 3 files changed, 118 insertions(+), 5 deletions(-)
 create mode 100644 session0/cfg.txt
 create mode 100644 session0/log.txt
diff --git a/openvpn.py b/openvpn.py
index c1dc463..582bbc2 100644
--- a/openvpn.py
+++ b/openvpn.py
@@ -76,7 +76,6 @@ class Openvpn:
 self.status = RUNNING
 config_fp = self.generate_config_file()
 cmd = " ".join(["", "openvpn", "--config", config_fp])
- cmd = f"sg openvpn -c \"{cmd}\"" # TODO: configable?
 self.run_task = self.loop.create_task(self.run(cmd))
 def get_log(self):
@@ -94,7 +93,7 @@ class Openvpn:
 async def stop(self):
 if self.status == RUNNING:
 try:
- await self.proc.kill()
+ self.proc.kill()
 except Exception as err:
 print("kill failed:", err)
@@ -105,14 +104,14 @@ class Openvpn:
 await self.stop()
 self.start()
- async def run(self, cmd):
+ async def run(self, cmd, group="openvpn"):
 print(f"run: {cmd}")
 self.exit_future = asyncio.Future()
 while self.status == RUNNING:
 print("create proc")
 print(self.status)
- proc = await asyncio.create_subprocess_shell(
- cmd,
+ proc = await asyncio.create_subprocess_exec(
+ "sg", group, "-c", cmd,
 stdout=asyncio.subprocess.PIPE,
 stderr=asyncio.subprocess.PIPE)
 self.proc = proc
diff --git a/session0/cfg.txt b/session0/cfg.txt
new file mode 100644
index 0000000..1c1f2c7
--- /dev/null
+++ b/session0/cfg.txt
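Review bot: In `stop()` in openvpn.py, `self.proc.kill()` now signals whatever `create_subprocess_exec` started, which after this commit is the `sg` wrapper; whether `openvpn` itself dies with it depends on whether `sg` and the shell it invokes exec or fork, so confirm no VPN process is left running after `stop()`. SIGKILL also gives OpenVPN no chance to remove its tun device and routes, so `self.proc.terminate()` is the gentler call. The surrounding `except Exception` with a `print` hides every failure mode alike; catching `ProcessLookupError` (the process already exited) would keep other errors, such as `self.proc` not being assigned yet, visible. `stop()` may continue past the end of the hunk.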
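Review bot: `sg <group> -c <command>` still hands the command string to `/bin/sh`, so in `run()` in openvpn.py the switch to `create_subprocess_exec` removes only the outer shell layer. The string built in `start()` with `" ".join(["", "openvpn", "--config", config_fp])` is therefore still parsed by a shell with `config_fp` unquoted; quoting it, e.g. `cmd = "openvpn --config " + shlex.quote(config_fp)`, keeps a path with spaces or shell metacharacters as a single argument. The new `group` parameter is also never supplied by `start()`, which still calls `self.run(cmd)`, so the group is configurable in the signature only. The body of `run()` continues outside the hunk.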
@@ -0,0 +1,80 @@ +client +remote us-cf-ovudp-01.jumptoserver.com 4443 +proto udp +comp-lzo +persist-key +persist-tun +dev tun0 +auth SHA256 +auth-user-pass /home/mantao/Desktop/t/fast.txt +tls-client +mssfix 1450 +resolv-retry infinite +remote-random +nobind +ping 15 +ping-restart 0 +ping-timer-rem +reneg-sec 0 +tun-mtu 1500 +tun-mtu-extra 32 + +-----BEGIN CERTIFICATE----- +MIIFQjCCAyqgAwIBAgIIUfxepT+rr8owDQYJKoZIhvcNAQEMBQAwPzELMAkGA1UE +BhMCS1kxEzARBgNVBAoTCkZhc3Rlc3RWUE4xGzAZBgNVBAMTEkZhc3Rlc3RWUE4g +Um9vdCBDQTAeFw0xNzA5MTYwMDAxNDZaFw0yNzA5MTQwMDAxNDZaMD8xCzAJBgNV +BAYTAktZMRMwEQYDVQQKEwpGYXN0ZXN0VlBOMRswGQYDVQQDExJGYXN0ZXN0VlBO +IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1Xj+WfPTo +zFynFqc+c3CVrggIllaXEl5bY5VgFynXkqCTM6lSrfC4pNjGXUbqWe6RnGJbM4/6 +kUn+lQDjFSQV1rzP2eDS8+r5+X2WXh4AoeNRUWhvSG+HiHD/B2EFK+Nd5BRSdUjp +KWAtsCmT2bBt7nT0jN1OdeNrLJeyF8siAqv/oQzKznF9aIe/N01b2M8ZOFTzoXi2 +fZAckgGWui8NB/lzkVIJqSkAPRL8qiJLuRCPVOX1PFD8vV//R8/QumtfbcYBMo6v +Ck2HmWdrh5OQHPxb3KJtbtG+Z1j8x6HGEAe17djYepBiRMyCEQvYgfD6tvFylc4I +quhqE9yaP60PJod5TxpWnRQ6HIGSeBm+S+rYSMalTZ8+pUqOOA+IQCYpfpx6EKIJ +L/VsW2C7cXdvudxDhXPI5lR/QidCb9Ohq3WkfxXaYwzrngdg2avmNqId9R4KESuM +9GoHW0dszfyBCh5wYfeaffMElfDam3B92NUwyhZwtIiv623WVXY9PPz+EDjSJsIA +u2Vi1vdJyA4nD4k9Lwmx/1zTc/UaYVLsiBqL2WdfvFTeoWoV+dNxQXSEPhB8gwi8 +x4O4lZW0cwVy/6fa8KMY8gZbcbSTr7U5bRERfW8l+jY+mYKQ/M/ccgpxaHiw1/+4 +LWfbJQ7VhJJrTyN0C36FQzY1URkSXg+53wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmVEL4x6xdCqiqu2OBLs27EA8 +xGYwDQYJKoZIhvcNAQEMBQADggIBABCpITvO1+R4T9v2+onHiFxU5JjtCZ0zkXqR +CMp/Z0UIYbeo1p07pZCPAUjBfGPCkAaR++OiG9sysALdJf8Y6HQKcyuAcWUqQnaI +hoZ2JcAP7EKq7uCqsMhcYZD/j3O/3RPtSW5UOx6ItDU+Ua0t9Edho9whNw0VQXmo +1JjYoP3FzPjuKoDWTSO1q5eYlZfwcTcs55O2shNkFafPg/6cCm5j6v9nyHrM3sk4 +LjkrBPUXVx2m/aoz219t8O9Ha9/CdMKXsPO/8gTUzpgnzSgPnGnBmi5xr1nspVN8 +X4E2f3D+DKqBim3YgslD68NcuFQvJ0/BxZzWVbrr+QXoyzaiCgXuogpIDc2bB6oR +XqFnHNz36d4QJmJdWdSaijiS/peQ6EOPgOZ1GuObLWlDCBZLNeQ+N6QaiJxVO4XU 
+j/s22i1IRtwdz84TRHrbWiIpEymsqmb/Ep5r4xV5d6+791axclfOTH7tQrY/SbPt +TJI4OEgNekI8YfadQifpelF82MsFFEZuaQn0lj+fvLGtE/zKh3OdLTxRc5TAgBB+ +0T81+JQosygNr2aFFG0hxar1eyw/gLeG8H+7Ie50pyPvXO4OgB6Key8rSExpilQX +lvAT1qX0qS3/K1i/9QkSE9ftIPT6vtwLV2sVQzfyanI4IZgWC6ryhvNLsRn0NFnQ +clor0+aq +-----END CERTIFICATE----- + +key-direction 1 + +-----BEGIN OpenVPN Static key V1----- +697fe793b32cb5091d30f2326d5d124a +9412e93d0a44ef7361395d76528fcbfc +82c3859dccea70a93cfa8fae409709bf +f75f844cf5ff0c237f426d0c20969233 +db0e706edb6bdf195ec3dc11b3f76bc8 +07a77e74662d9a800c8cd1144ebb67b7 +f0d3f1281d1baf522bfe03b7c3f963b1 +364fc0769400e413b61ca7b43ab19fac +9e0f77e41efd4bda7fd77b1de2d7d785 +5cbbe3e620cecceac72c21a825b243e6 +51f44d90e290e09c3ad650de8fca99c8 +58bc7caad584bc69b11e5c9fd9381c69 +c505ec487a65912c672d83ed0113b5a7 +4ddfbd3ab33b3683cec593557520a72c +4d6cce46111f56f3396cc3ce7183edce +553c68ea0796cf6c4375fad00aaa2a42 +-----END OpenVPN Static key V1----- + +tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA +cipher AES-256-CBC +ping-timer-rem +dev-type tun +management localhost 8001 +log-append ./session0/log.txt \ No newline at end of file diff --git a/session0/log.txt b/session0/log.txt new file mode 100644 index 0000000..fcae278 --- /dev/null +++ b/session0/log.txt 
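Review bot: `session0/cfg.txt` and `session0/log.txt` look like runtime output of a test session rather than part of the subprocess change named in the subject, and the config carries an inline OpenVPN static key block plus the local path given to `auth-user-pass`; they should be dropped from the commit and the session directory added to `.gitignore`. If that key is not a publicly distributed provider key, treat it as exposed once this is pushed. The committed log also records warnings that point back at the generated config: the `management localhost 8001` line has no password file, and no server certificate verification is enabled, which `remote-cert-tls server` would address if the provider's certificates carry the matching key usage. The same log notes that the credentials file is group or others accessible, so its mode should be tightened to owner-only.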
@@ -0,0 +1,34 @@ +Fri Apr 3 17:44:07 2020 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure +Fri Apr 3 17:44:07 2020 WARNING: file '/home/mantao/Desktop/t/fast.txt' is group or others accessible +Fri Apr 3 17:44:07 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020 +Fri Apr 3 17:44:07 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 +Fri Apr 3 17:44:07 2020 setsockopt(IPV6_V6ONLY=0) +Fri Apr 3 17:44:07 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit +Fri Apr 3 17:44:07 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. +Fri Apr 3 17:44:07 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.154.253.6:4443 +Fri Apr 3 17:44:07 2020 UDP link local: (not bound) +Fri Apr 3 17:44:07 2020 UDP link remote: [AF_INET]192.154.253.6:4443 +Fri Apr 3 17:44:07 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this +Fri Apr 3 17:44:09 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570' +Fri Apr 3 17:44:09 2020 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500' +Fri Apr 3 17:44:09 2020 [*.fastestvpn.co] Peer Connection Initiated with [AF_INET]192.154.253.6:4443 +Fri Apr 3 17:44:11 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8) +Fri Apr 3 17:44:11 2020 ERROR: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1) +Fri Apr 3 17:44:11 2020 Exiting due to fatal error +Fri Apr 3 17:44:16 2020 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure +Fri Apr 3 17:44:16 2020 WARNING: file '/home/mantao/Desktop/t/fast.txt' is group or others 
accessible +Fri Apr 3 17:44:16 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020 +Fri Apr 3 17:44:16 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 +Fri Apr 3 17:44:17 2020 setsockopt(IPV6_V6ONLY=0) +Fri Apr 3 17:44:17 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit +Fri Apr 3 17:44:17 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. +Fri Apr 3 17:44:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.154.253.6:4443 +Fri Apr 3 17:44:17 2020 UDP link local: (not bound) +Fri Apr 3 17:44:17 2020 UDP link remote: [AF_INET]192.154.253.6:4443 +Fri Apr 3 17:44:17 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this +Fri Apr 3 17:44:19 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570' +Fri Apr 3 17:44:19 2020 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500' +Fri Apr 3 17:44:19 2020 [*.fastestvpn.co] Peer Connection Initiated with [AF_INET]192.154.253.6:4443 +Fri Apr 3 17:44:21 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8) +Fri Apr 3 17:44:21 2020 ERROR: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1) +Fri Apr 3 17:44:21 2020 Exiting due to fatal error