validator: add privatekey, derived from username
parent
ad944b9920
commit
10fea52dfe
3 changed files with 9 additions and 2 deletions
|
@ -21,7 +21,7 @@ LABEL challenge
|
||||||
MENU LABEL ^Enter Challenge
|
MENU LABEL ^Enter Challenge
|
||||||
KERNEL bzImage
|
KERNEL bzImage
|
||||||
INITRD initramfs-challenge.img
|
INITRD initramfs-challenge.img
|
||||||
APPEND console=tty0 quiet
|
APPEND console=tty0 adlin.login={{ .username }} adlin.key={{ .pkey }} quiet
|
||||||
text help
|
text help
|
||||||
You are currently identified as {{ .username }}.
|
You are currently identified as {{ .username }}.
|
||||||
Please select this menu entry in order to access the tutorial.
|
Please select this menu entry in order to access the tutorial.
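Review bot: The new `APPEND` line places the per-user key in a rendered boot config and on the kernel command line, so it is readable by anything that can fetch that file (it appears to be written for a PXE/TFTP server, which has no authentication) and by any process that can read `/proc/cmdline` on the booted system. If that exposure is accepted for this challenge setup, say so next to the line, for example `# adlin.key is a per-user secret: keep this file readable only by the owning client`. `{{ .username }}` is also interpolated unquoted, so a value containing whitespace would add extra kernel parameters. Whether the username is restricted to a safe character set before rendering is not visible here and is worth confirming.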
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/hmac"
|
||||||
|
"crypto/sha512"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
|
@ -17,6 +19,8 @@ import (
|
||||||
"gopkg.in/ldap.v2"
|
"gopkg.in/ldap.v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var loginSalt string
|
||||||
|
|
||||||
type loginChecker struct {
|
type loginChecker struct {
|
||||||
students []Student
|
students []Student
|
||||||
ldapAddr string
|
ldapAddr string
|
||||||
|
@ -176,9 +180,11 @@ func (l loginChecker) lateLoginAction(username, remoteAddr string) error {
|
||||||
} else {
|
} else {
|
||||||
defer file.Close()
|
defer file.Close()
|
||||||
|
|
||||||
|
mac := hmac.New(sha512.New512_224, []byte(loginSalt))
|
||||||
|
|
||||||
if configTmpl, err := template.New("pxelinux.cfg").Parse(string(tpl)); err != nil {
|
if configTmpl, err := template.New("pxelinux.cfg").Parse(string(tpl)); err != nil {
|
||||||
log.Println("Cannot create template: ", err)
|
log.Println("Cannot create template: ", err)
|
||||||
} else if err := configTmpl.Execute(file, map[string]string{"username": username, "remoteAddr": remoteAddr, "fname": fname}); err != nil {
|
} else if err := configTmpl.Execute(file, map[string]string{"username": username, "remoteAddr": remoteAddr, "pkey": fmt.Sprintf("%x", mac.Sum([]byte(username))), "fname": fname}); err != nil {
|
||||||
log.Println("An error occurs during template execution: ", err)
|
log.Println("An error occurs during template execution: ", err)
|
||||||
}
|
}
|
||||||
}
|
}
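Review bot: In the added `pkey` entry, `mac.Sum([]byte(username))` does not feed the username into the HMAC: `hash.Hash.Sum(b)` appends the digest of the data written so far to `b`, and nothing has been written to `mac`. The rendered value is therefore the hex of the username followed by the HMAC of an empty message, a suffix that is identical for every user, so the key is not bound to the username under the secret as the commit title intends. Write the input first and sum with nil: `mac.Write([]byte(username))` and then `"pkey": fmt.Sprintf("%x", mac.Sum(nil))`. Whatever verifies `adlin.key` on the other side has to compute it the same way. lateLoginAction starts and ends outside this hunk.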
|
||||||
|
|
|
@ -18,6 +18,7 @@ func main() {
|
||||||
flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
|
flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
|
||||||
flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")
|
flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")
|
||||||
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
||||||
|
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
|
||||||
|
|
||||||
flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
|
flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
|
||||||
flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
|
flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
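Review bot: The new `loginsalt` flag defaults to the literal `"adelina"`, which is published with the source, so an instance started without the flag derives every key from a publicly known secret. Default to empty and refuse to start when it is unset: `flag.StringVar(&loginSalt, "loginsalt", "", "secret used in login HMAC")` and, after flag parsing, `if loginSalt == "" { log.Fatal("loginsalt must be set") }` (assuming `log` is imported in this file). A secret passed as a command-line argument is also visible in the process list, so reading it from a file or an environment variable may be preferable. The flag parsing call and the rest of main are outside this hunk.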
|
||||||
|
|