[Rack] Rewrite of opengate-www script

Benny Baumann BenBE1987 at gmx.net
Sun Dec 5 00:47:35 PST 2010


Hi,

there has been some timing issue / racing condition inside the
opengate-www script which could be used to buzz the gate multiple times
inside the 30 seconds window. The problem was caused by the command
"sleep" beeing issued last in the script, thus opening a window of
approx. 5-10 seconds for multiple buzzing the gate while another
instance was still processing. Since the load caused by buzzing the gate
could be used to slow down the SSH processing and other script
activities this could be used for a DoS attack on the gate.

I rewrote the script opengate-www from scratch moving the offending
sleep command to the FIRST operations of the script. This does not fully
eliminate the racing condition (which would require an atomar operation
of starting the sleep and asking for different instances), but reduces
hitting this racing condition to an absolute minimum.

I also used this chance to clean up the code and combine some common
code into variables making the overall script more readable. Anyone who
feels like shane to have this code contain more comments is free to add
them. Don't touch the actual ssh and sshpass lines as they are a PITA to
fix.

On the special request of Isky I disabled the Text-to-Speech feature of
the opengate-www script which I just had fixed. Although this feature -
if activated - seems to truncate the audio for some reason.

The opengate script in the same folder looks simular fucked up like the
original opengate-www script. Anyone who feels bored enough is
encouraged to port my changes over.

While at this I moved the id_dsa key for authenticating with the
different servers for the script to work - with Rubin's consent in doing
so - from his home directory over to /var/hg/gate/.ssh-opengate/. The
directory is 770 root:hg and the keyfiles being 640 root:hg.

OT: I had to restart the touchpanel notebook at the front since it had
crashed, but it's up and running again.

Please review the changes of the opengate-www script since I cannot tell
whether there have been any bugs that got in the while porting the
general workflow of the script.

Last but not least: Rubin suggested to port all the necessary stuff for
opening the gate to a microcontroller which can be plugged onto the net
directly. If anyone has a spare Adruino board or something simular,
which fulfills at least the following requirements, let me know:
- RJ45 (LAN) connector for Ethernet connection
- Microcontroller with at least 2 KB, but better 4 KB of RAM
- Board being capable of running Etherape or simular based IP stacks
- IP-Pins to interconnect with the door circuits
- Some Speakers or GPIO ports suitable to drive them externally

Regards,
BenBE.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://www.noisebridge.net/pipermail/rack/attachments/20101205/78972081/attachment.pgp 


More information about the Rack mailing list