login-validator: add IP
parent
081b22a64a
commit
0b05e8539d
@ -19,6 +19,9 @@ cmdline() {
|
|||||||
# Get some command line options
|
# Get some command line options
|
||||||
USER_LOGIN=$(cmdline adlin.login)
|
USER_LOGIN=$(cmdline adlin.login)
|
||||||
USER_PKEY=$(cmdline adlin.key)
|
USER_PKEY=$(cmdline adlin.key)
|
||||||
|
USER_IP=$(cmdline adlin.ip)
|
||||||
|
|
||||||
|
[ -n "${USER_IP}" ] && echo "${USER_IP}" > /root/my_ip
|
||||||
|
|
||||||
# Define hostname
|
# Define hostname
|
||||||
hostname adlin-${USER_LOGIN}
|
hostname adlin-${USER_LOGIN}
|
||||||
|
@ -52,7 +52,7 @@ func ARPAnalyze() (ents []ARPEntry, err error) {
|
|||||||
|
|
||||||
func ARPContainsIP(ents []ARPEntry, ip net.IP) *ARPEntry {
|
func ARPContainsIP(ents []ARPEntry, ip net.IP) *ARPEntry {
|
||||||
for i, e := range ents {
|
for i, e := range ents {
|
||||||
if e.IP.Equal(ip) && e.Flags == 2 {
|
if e.IP.Equal(ip) && (e.Flags == 2 || e.Flags == 6) {
|
||||||
return &ents[i]
|
return &ents[i]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
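Review bot: The flag test in `ARPContainsIP` compares against the bare literals 2 and 6, which hides that these are bit flags and misses any other combination that still has the "complete" bit set. If `Flags` carries the Linux ARP flag word (ATF_COM = 0x2, ATF_PERM = 0x4; an assumption, since `ARPAnalyze` is not visible here), a mask with a named constant is clearer and more robust: `const arpFlagComplete = 0x2` and `if e.IP.Equal(ip) && e.Flags&arpFlagComplete != 0 {`. The matched entry's hardware address is what the login flow goes on to register for the user, so a one-line comment on why permanent (static) entries are now accepted would help the next reader. The end of the function lies outside the hunk.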
@ -9,7 +9,6 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -171,6 +170,7 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
if mac == nil {
|
if mac == nil {
|
||||||
log.Printf("Unable to find MAC address for given IP (%s)\n", ip)
|
log.Printf("Unable to find MAC address for given IP (%s)\n", ip)
|
||||||
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
|
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Register the user remotely
|
// Register the user remotely
|
||||||
@ -178,7 +178,7 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
log.Println("Error on remote registration:", err)
|
log.Println("Error on remote registration:", err)
|
||||||
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
|
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
} else if err := l.lateLoginAction(lu.Username, r.RemoteAddr, *mac); err != nil {
|
} else if err := l.lateLoginAction(lu.Username, r.RemoteAddr, *mac, ip); err != nil {
|
||||||
log.Println("Error on late login action:", err)
|
log.Println("Error on late login action:", err)
|
||||||
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
|
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
@ -188,7 +188,13 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l loginChecker) registerUser(username, remoteAddr string, ent ARPEntry) ([]byte, error) {
|
type myIP struct {
|
||||||
|
Id int64 `json:"id"`
|
||||||
|
Login string `json:"login"`
|
||||||
|
IP string `json:"ip"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (l loginChecker) registerUser(username, remoteAddr string, ent ARPEntry) (net.IP, error) {
|
||||||
bts, err := json.Marshal(map[string]interface{}{"login": username, "ip": remoteAddr, "mac": fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x", ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5])})
|
bts, err := json.Marshal(map[string]interface{}{"login": username, "ip": remoteAddr, "mac": fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x", ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5])})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
@ -211,10 +217,15 @@ func (l loginChecker) registerUser(username, remoteAddr string, ent ARPEntry) ([
|
|||||||
if resp.StatusCode != http.StatusOK {
|
if resp.StatusCode != http.StatusOK {
|
||||||
return nil, errors.New(resp.Status)
|
return nil, errors.New(resp.Status)
|
||||||
} else {
|
} else {
|
||||||
return ioutil.ReadAll(resp.Body)
|
dec := json.NewDecoder(resp.Body)
|
||||||
|
var myip myIP
|
||||||
|
if err := dec.Decode(&myip); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return net.ParseIP(myip.IP), nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l loginChecker) lateLoginAction(username, remoteAddr string, mac ARPEntry) error {
|
func (l loginChecker) lateLoginAction(username, remoteAddr string, mac ARPEntry, ip net.IP) error {
|
||||||
return RegisterUserMAC(mac, username)
|
return RegisterUserMAC(mac, ip, username)
|
||||||
}
|
}
|
||||||
|
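Review bot: `registerUser` returns `net.ParseIP(myip.IP), nil` without checking the result, so a registration response with a missing or malformed `ip` field yields a nil `net.IP` and no error. That value is passed through `lateLoginAction` to `RegisterUserMAC`, whose template code in the PXE file indexes `ip.To4()[0]` and would panic; the unchanged `return nil, nil` after a failed `json.Marshal` now produces the same nil IP. Reject it at the source: `ip := net.ParseIP(myip.IP).To4()`, `if ip == nil { return nil, fmt.Errorf("invalid IP %q in registration response", myip.IP) }`, `return ip, nil`. The call site that binds `ip` for `lateLoginAction` is outside the visible hunks, so confirm it is the address returned by the registration and not the earlier request-derived variable.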
@ -15,19 +15,19 @@ const pxeUserTplPath = "pxelinux.cfg/tpl"
|
|||||||
const ipxeUserTplPath = "pxelinux.cfg/tpl.ipxe"
|
const ipxeUserTplPath = "pxelinux.cfg/tpl.ipxe"
|
||||||
const pxeUserPath = "pxelinux.cfg"
|
const pxeUserPath = "pxelinux.cfg"
|
||||||
|
|
||||||
func RegisterUserMAC(ent ARPEntry, username string) error {
|
func RegisterUserMAC(ent ARPEntry, ip net.IP, username string) error {
|
||||||
if err := registerUser(ipxeUserTplPath, fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x.ipxe", ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username); err != nil {
|
if err := registerUser(ipxeUserTplPath, fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x.ipxe", ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username, ip); err != nil {
|
||||||
return err
|
return err
|
||||||
} else {
|
} else {
|
||||||
return registerUser(pxeUserTplPath, fmt.Sprintf("%02x-%02x-%02x-%02x-%02x-%02x-%02x", ent.HWType, ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username)
|
return registerUser(pxeUserTplPath, fmt.Sprintf("%02x-%02x-%02x-%02x-%02x-%02x-%02x", ent.HWType, ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username, ip)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func RegisterUserIP(ip net.IP, username string) error {
|
func RegisterUserIP(ip net.IP, username string) error {
|
||||||
return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username)
|
return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username, ip)
|
||||||
}
|
}
|
||||||
|
|
||||||
func registerUser(tplPath string, filename string, username string) error {
|
func registerUser(tplPath string, filename string, username string, ip net.IP) error {
|
||||||
if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
|
if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
|
||||||
return err
|
return err
|
||||||
} else if userfd, err := os.OpenFile(path.Join(tftpDir, pxeUserPath, filename), os.O_RDWR|os.O_CREATE, 0644); err != nil {
|
} else if userfd, err := os.OpenFile(path.Join(tftpDir, pxeUserPath, filename), os.O_RDWR|os.O_CREATE, 0644); err != nil {
|
||||||
@ -39,7 +39,11 @@ func registerUser(tplPath string, filename string, username string) error {
|
|||||||
|
|
||||||
if pxeTmpl, err := template.New("pxeUser").Parse(string(pxeTplCnt)); err != nil {
|
if pxeTmpl, err := template.New("pxeUser").Parse(string(pxeTplCnt)); err != nil {
|
||||||
return err
|
return err
|
||||||
} else if err := pxeTmpl.Execute(userfd, map[string]string{"username": username, "pkey": fmt.Sprintf("%x", pkey.Sum([]byte(username)))}); err != nil {
|
} else if err := pxeTmpl.Execute(userfd, map[string]string{
|
||||||
|
"username": username,
|
||||||
|
"pkey": fmt.Sprintf("%x", pkey.Sum([]byte(username))),
|
||||||
|
"ip": fmt.Sprintf("%d.%d.%d.%d", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]),
|
||||||
|
}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
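Review bot: The new `"ip"` template value calls `ip.To4()` four times and indexes each result by hand, where `net.IP` already has a `String` method that prints dotted-decimal form. Hoisting the conversion once at the top of `registerUser` is easier to read and lets the function fail cleanly before `os.OpenFile(..., os.O_CREATE, ...)` leaves a file in the TFTP directory: `v4 := ip.To4()`, `if v4 == nil { return fmt.Errorf("registerUser: %v is not an IPv4 address", ip) }`, then `"ip": v4.String(),`. The filename formatting in `RegisterUserIP` uses the same four-way indexing and could share `v4`. Part of `registerUser`'s body sits between the two hunks and is not visible here.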