From 10fea52dfedc35edd8ceb8c6ccc8c1c704186b8f Mon Sep 17 00:00:00 2001
From: nemunaire
Date: Sun, 18 Feb 2018 17:37:16 +0100
Subject: [PATCH] validator: add privatekey, derived from username

---
 tftp/pxelinux.cfg/tpl | 2 +-
 validator/login.go | 8 +++++++-
 validator/main.go | 1 +
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/tftp/pxelinux.cfg/tpl b/tftp/pxelinux.cfg/tpl
index 2857d47..9063a72 100644
--- a/tftp/pxelinux.cfg/tpl
+++ b/tftp/pxelinux.cfg/tpl
@@ -21,7 +21,7 @@ LABEL challenge
   MENU LABEL ^Enter Challenge
   KERNEL bzImage
   INITRD initramfs-challenge.img
-  APPEND console=tty0 quiet
+  APPEND console=tty0 adlin.login={{ .username }} adlin.key={{ .pkey }} quiet
   text help
   You are currently identified as {{ .username }}.
   Please select this menu entry in order to access the tutorial.
diff --git a/validator/login.go b/validator/login.go
index a5339f0..dd3a8ab 100644
--- a/validator/login.go
+++ b/validator/login.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+	"crypto/hmac"
+	"crypto/sha512"
 	"crypto/tls"
 	"encoding/json"
 	"errors"
@@ -17,6 +19,8 @@ import (
 	"gopkg.in/ldap.v2"
 )
 
+var loginSalt string
+
 type loginChecker struct {
 	students []Student
 	ldapAddr string
@@ -176,9 +180,11 @@ func (l loginChecker) lateLoginAction(username, remoteAddr string) error {
 	} else {
 		defer file.Close()
 
+		mac := hmac.New(sha512.New512_224, []byte(loginSalt))
+
 		if configTmpl, err := template.New("pxelinux.cfg").Parse(string(tpl)); err != nil {
 			log.Println("Cannot create template: ", err)
-		} else if err := configTmpl.Execute(file, map[string]string{"username": username, "remoteAddr": remoteAddr, "fname": fname}); err != nil {
+		} else if err := configTmpl.Execute(file, map[string]string{"username": username, "remoteAddr": remoteAddr, "pkey": fmt.Sprintf("%x", mac.Sum([]byte(username))), "fname": fname}); err != nil {
 			log.Println("An error occurs during template execution: ", err)
 		}
 	}
diff --git a/validator/main.go b/validator/main.go
index f9f993f..d4bcca1 100644
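Review bot: The derived key placed on the new APPEND line rides on the kernel command line, so once the machine boots it is readable by any local process via /proc/cmdline, and the per-host config file it lives in is fetched over TFTP, which carries no authentication of its own. Whatever consumes `adlin.key` in the booted image should therefore be written on the assumption that the value can be observed, not that it is known only to the student who logged in. A one-line comment in the template would keep that expectation explicit for the initramfs side, e.g. `# adlin.key is derived by the validator from adlin.login; it is visible in /proc/cmdline and to anyone able to fetch this file`.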
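Review bot: `mac.Sum([]byte(username))` on the new Execute line does not MAC the username: hash.Hash.Sum appends the MAC of the data written so far to its argument, and nothing has been written to `mac`, so `pkey` is the hex of the raw username followed by the constant HMAC of the empty string under loginSalt — the same tail for every student, with the username readable straight out of the hex. The intended derivation is `mac.Write([]byte(username))` followed by `pkey := fmt.Sprintf("%x", mac.Sum(nil))` computed before the map literal (the `mac :=` line added above is already in place for that). Separately, `-loginsalt` in main.go defaults to the fixed string "adelina" committed with the source, so a deployment that keeps the default has keys derivable by anyone who can read the repository; defaulting to empty and refusing to start when `loginSalt == ""` would make the override mandatory. lateLoginAction begins and ends outside this hunk.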
--- a/validator/main.go
+++ b/validator/main.go
@@ -18,6 +18,7 @@ func main() {
 	flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
 	flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")
 	flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
+	flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
 	flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
 	flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")