split checker from token-validator

2020-03-27 14:57:14 +01:00 · 2020-03-27 14:57:14 +01:00 · 0c661f36f6
commit 0c661f36f6
parent 685dc0b0ea
20 changed files with 634 additions and 748 deletions
--- a/token-validator/ssh.go
+++ b/token-validator/ssh.go
@ -1,23 +1,21 @@
 package main

 import (
-	"bytes"
 	"crypto/hmac"
-	"encoding/json"
 	"encoding/hex"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
-	"os/exec"
 	"path"
 	"strconv"
-	"strings"
-	"time"

 	"github.com/julienschmidt/httprouter"
+
+	"git.nemunai.re/lectures/adlin/libadlin"
 )

 var AuthorizedKeysLocation = "/root/.ssh/authorized_keys"
@ -26,7 +24,7 @@ var SshPiperLocation = "/var/sshpiper/"
 func init() {
 	router.GET("/sshkeys", apiHandler(
 		func(httprouter.Params, []byte) (interface{}, error) {
-			return getStudentKeys()
+			return adlin.GetStudentKeys()
 		}))
 	router.POST("/sshkeys", rawHandler(responseHandler(receiveKey)))
 	router.GET("/sshkeys/authorizedkeys", func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
@ -35,153 +33,28 @@ func init() {
 	router.GET("/api/students/:sid/hassshkeys", apiHandler(studentHandler(hasSSHKeys)))
 	router.GET("/api/students/:sid/authorizedkeys", func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 		if sid, err := strconv.Atoi(string(ps.ByName("sid"))); err != nil {
-			if student, err := getStudentByLogin(ps.ByName("sid")); err != nil {
+			if student, err := adlin.GetStudentByLogin(ps.ByName("sid")); err != nil {
 				http.Error(w, "Student doesn't exist.", http.StatusNotFound)
 			} else {
-				student.dumpAuthorizedKeysFile(w)
+				dumpStdAuthorizedKeysFile(student, w)
 			}
-		} else if student, err := getStudent(sid); err != nil {
+		} else if student, err := adlin.GetStudent(sid); err != nil {
 			http.Error(w, "Student doesn't exist.", http.StatusNotFound)
 		} else {
-			student.dumpAuthorizedKeysFile(w)
+			dumpStdAuthorizedKeysFile(student, w)
 		}

 	})
 }

-func hasSSHKeys(student Student, body []byte) (interface{}, error) {
-	if keys, err := student.getKeys(); err != nil {
+func hasSSHKeys(student adlin.Student, body []byte) (interface{}, error) {
+	if keys, err := student.GetKeys(); err != nil {
 		return nil, err
 	} else {
 		return len(keys) > 0, nil
 	}
 }

-type StudentKey struct {
-	Id        int64     `json:"id"`
-	IdStudent int64     `json:"id_student"`
-	Key       string    `json:"key"`
-	Time      time.Time `json:"time"`
-}
-
-func getStudentKeys() (keys []StudentKey, err error) {
-	if rows, errr := DBQuery("SELECT id_key, id_student, sshkey, time FROM student_keys"); errr != nil {
-		return nil, errr
-	} else {
-		defer rows.Close()
-
-		for rows.Next() {
-			var k StudentKey
-			if err = rows.Scan(&k.Id, &k.IdStudent, &k.Key, &k.Time); err != nil {
-				return
-			}
-			keys = append(keys, k)
-		}
-		if err = rows.Err(); err != nil {
-			return
-		}
-
-		return
-	}
-}
-
-func (s Student) getKeys() (keys []StudentKey, err error) {
-	if rows, errr := DBQuery("SELECT id_key, id_student, sshkey, time FROM student_keys WHERE id_student = ?", s.Id); errr != nil {
-		return nil, errr
-	} else {
-		defer rows.Close()
-
-		for rows.Next() {
-			var k StudentKey
-			if err = rows.Scan(&k.Id, &k.IdStudent, &k.Key, &k.Time); err != nil {
-				return
-			}
-			keys = append(keys, k)
-		}
-		if err = rows.Err(); err != nil {
-			return
-		}
-
-		return
-	}
-}
-
-func getStudentKey(id int) (k StudentKey, err error) {
-	err = DBQueryRow("SELECT id_key, id_student, sshkey, time FROM student_keys WHERE id_key=?", id).Scan(&k.Id, &k.IdStudent, &k.Key, &k.Time)
-	return
-}
-
-func (s Student) NewKey(key string) (k StudentKey, err error) {
-	// Check key before importing it
-	cmd := exec.Command("ssh-keygen", "-l", "-f", "-")
-	cmd.Stdin = strings.NewReader(key)
-	var stdoutStderr []byte
-	stdoutStderr, err = cmd.CombinedOutput()
-	if err != nil {
-		if _, ok := err.(*exec.ExitError); ok {
-			err = errors.New(string(stdoutStderr))
-		}
-		return
-	}
-
-	chunks := bytes.Fields(stdoutStderr)
-
-	keytype := string(chunks[len(chunks)-1])
-	minkeysize := 2048
-	if keytype == "(ED25519)" || keytype == "(ECDSA)" {
-		minkeysize = 256
-	}
-
-	var bits int
-	if bits, err = strconv.Atoi(string(chunks[0])); err != nil {
-		return
-	} else if bits < minkeysize {
-		err = errors.New("Keysize too small")
-		return
-	}
-
-	// Sanitize the given key
-	keyf := strings.Fields(key)
-	if len(keyf) < 2 {
-		err = errors.New("Unexpected key file, this should never happen")
-		return
-	}
-	key = keyf[0] + " " + keyf[1]
-
-	if res, err := DBExec("INSERT INTO student_keys (id_student, sshkey, time) VALUES (?, ?, ?)", s.Id, key, time.Now()); err != nil {
-		return StudentKey{}, err
-	} else if kid, err := res.LastInsertId(); err != nil {
-		return StudentKey{}, err
-	} else {
-		s.UnlockNewChallenge(len(challenges), "")
-		return StudentKey{kid, s.Id, key, time.Now()}, nil
-	}
-}
-
-func (k StudentKey) GetStudent() (Student, error) {
-	return getStudent(int(k.IdStudent))
-}
-
-func (k StudentKey) Update() (int64, error) {
-	if res, err := DBExec("UPDATE student_keys SET id_student = ?, sshkey = ?, time = ? WHERE id_key = ?", k.IdStudent, k.Key, k.Time, k.Id); err != nil {
-		return 0, err
-	} else if nb, err := res.RowsAffected(); err != nil {
-		return 0, err
-	} else {
-		return nb, err
-	}
-}
-
-func (k StudentKey) Delete() (int64, error) {
-	if res, err := DBExec("DELETE FROM student_keys WHERE id_key = ?", k.Id); err != nil {
-		return 0, err
-	} else if nb, err := res.RowsAffected(); err != nil {
-		return 0, err
-	} else {
-		return nb, err
-	}
-}
-
 func receiveKey(r *http.Request, ps httprouter.Params, body []byte) (interface{}, error) {
 	var gt givenToken
 	if err := json.Unmarshal(body, &gt); err != nil {
@ -193,7 +66,7 @@ func receiveKey(r *http.Request, ps httprouter.Params, body []byte) (interface{}
 		return nil, err
 	}

-	if std, err := getStudentByLogin(gt.Login); err != nil {
+	if std, err := adlin.GetStudentByLogin(gt.Login); err != nil {
 		return nil, err
 	} else if len(gt.Data) < 2 {
 		return nil, errors.New("No key found!")
@ -207,7 +80,7 @@ func receiveKey(r *http.Request, ps httprouter.Params, body []byte) (interface{}

 		if expectedToken, err := GenerateToken(pkey, 0, data...); err != nil {
 			return nil, err
-		} else if ! hmac.Equal(expectedToken, gt.token) {
+		} else if !hmac.Equal(expectedToken, gt.token) {
 			return nil, errors.New("This is not the expected token.")
 		}

@ -240,7 +113,7 @@ func receiveKey(r *http.Request, ps httprouter.Params, body []byte) (interface{}
 				}
 				defer file.Close()

-				std.dumpAuthorizedKeysFile(file)
+				dumpStdAuthorizedKeysFile(std, file)
 				os.Symlink(path.Join(SshPiperLocation, "sshpiper_upstream"), path.Join(SshPiperLocation, std.Login, "sshpiper_upstream"))
 				os.Symlink(path.Join(SshPiperLocation, "id_rsa"), path.Join(SshPiperLocation, std.Login, "id_rsa"))
 			}
@ -254,7 +127,7 @@ func receiveKey(r *http.Request, ps httprouter.Params, body []byte) (interface{}
 func dumpAuthorizedKeysFile(w io.Writer) {
 	seen := map[string]interface{}{}

-	if keys, _ := getStudentKeys(); keys != nil {
+	if keys, _ := adlin.GetStudentKeys(); keys != nil {
 		for _, k := range keys {
 			if _, exists := seen[k.Key]; exists {
 				continue
@ -268,10 +141,10 @@ func dumpAuthorizedKeysFile(w io.Writer) {
 	}
 }

-func (s Student) dumpAuthorizedKeysFile(w io.Writer) {
+func dumpStdAuthorizedKeysFile(s adlin.Student, w io.Writer) {
 	seen := map[string]interface{}{}

-	if keys, _ := s.getKeys(); keys != nil {
+	if keys, _ := s.GetKeys(); keys != nil {
 		for _, k := range keys {
 			if _, exists := seen[k.Key]; exists {
 				continue