login-validator: Append shadow to original challenge archive
parent
f317d11fac
commit
59abc217d1
@ -45,7 +45,7 @@ func passwd(w http.ResponseWriter, r *http.Request) {
|
|||||||
defer file.Close()
|
defer file.Close()
|
||||||
|
|
||||||
// Save the file
|
// Save the file
|
||||||
fd, err := os.Create(path.Join(tftpDir, "shadows", fmt.Sprintf("%s.cpio", r.RemoteAddr)))
|
fd, err := os.Create(path.Join(tftpDir, "shadows", fmt.Sprintf("%s.img", initrd_name(r.RemoteAddr))))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error when creating shadow file from", r.RemoteAddr, err.Error())
|
log.Println("Error when creating shadow file from", r.RemoteAddr, err.Error())
|
||||||
http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
|
http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
|
||||||
@ -53,7 +53,18 @@ func passwd(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
defer fd.Close()
|
defer fd.Close()
|
||||||
|
|
||||||
// Generate the new cpio archive
|
// Copy the original challenge
|
||||||
|
fdchal, err := os.Open(path.Join(tftpDir, "challenge-initrd.img"))
|
||||||
|
if err != nil {
|
||||||
|
log.Println(r.RemoteAddr, "Error when opening original challenge initramfs:", err.Error())
|
||||||
|
http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer fdchal.Close()
|
||||||
|
|
||||||
|
io.Copy(fd, fdchal)
|
||||||
|
|
||||||
|
// Append the new cpio archive
|
||||||
zw := gzip.NewWriter(fd)
|
zw := gzip.NewWriter(fd)
|
||||||
wcpio := cpio.NewWriter(zw)
|
wcpio := cpio.NewWriter(zw)
|
||||||
|
|
||||||
@ -91,6 +102,6 @@ func passwd(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Println("Registered shadow from", r.RemoteAddr)
|
log.Println("Registered shadow for", r.RemoteAddr)
|
||||||
http.Error(w, "Success", http.StatusOK)
|
http.Error(w, "Success", http.StatusOK)
|
||||||
}
|
}
|
||||||
|
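Review bot: The result of `io.Copy(fd, fdchal)` in the second hunk is discarded, so a failed or short copy of challenge-initrd.img leaves a truncated base image in front of the appended gzip stream. The handler can then still reach `http.Error(w, "Success", http.StatusOK)`. Checking the error and returning the same 500 response as the neighbouring branches keeps a broken per-client image from being reported as registered. Since `os.Create` truncates the target in place, a failure here may also leave a partial file under `shadows`, so removing it on the error path is worth considering. The body of passwd starts above the first hunk and the cpio-writing code between the hunks is not shown.
```go
// Copy the original challenge
// … unchanged: os.Open of challenge-initrd.img and its error handling …
defer fdchal.Close()

if _, err := io.Copy(fd, fdchal); err != nil {
	log.Println(r.RemoteAddr, "Error when copying original challenge initramfs:", err.Error())
	http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
	return
}
```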
@ -2,6 +2,7 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/hmac"
|
"crypto/hmac"
|
||||||
|
"crypto/md5"
|
||||||
"crypto/sha512"
|
"crypto/sha512"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
@ -27,6 +28,12 @@ func RegisterUserIP(ip net.IP, username string) error {
|
|||||||
return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username, ip)
|
return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username, ip)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func initrd_name(remote string) string {
|
||||||
|
initrd := hmac.New(md5.New, []byte(loginSalt))
|
||||||
|
initrd.Write([]byte(remote))
|
||||||
|
return fmt.Sprintf("%x", initrd.Sum(nil))
|
||||||
|
}
|
||||||
|
|
||||||
func registerUser(tplPath string, filename string, username string, ip net.IP) error {
|
func registerUser(tplPath string, filename string, username string, ip net.IP) error {
|
||||||
if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
|
if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
|
||||||
return err
|
return err
|
||||||
@ -46,6 +53,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
|
|||||||
return err
|
return err
|
||||||
} else if err := pxeTmpl.Execute(userfd, map[string]string{
|
} else if err := pxeTmpl.Execute(userfd, map[string]string{
|
||||||
"username": username,
|
"username": username,
|
||||||
|
"initrd": initrd_name(ip.String()),
|
||||||
"pkey": fmt.Sprintf("%x", pkey.Sum(nil)),
|
"pkey": fmt.Sprintf("%x", pkey.Sum(nil)),
|
||||||
"ip": ip.String(),
|
"ip": ip.String(),
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
|
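Review bot: The two call sites of `initrd_name` do not obviously pass the same string: registerUser uses `initrd_name(ip.String())`, while the passwd handler uses `initrd_name(r.RemoteAddr)`. net/http sets RemoteAddr to an "IP:port" value unless something outside this diff rewrites it, so the two HMACs would differ and the boot entry would name an image that was never written. Stripping the port in the handler with `net.SplitHostPort` before hashing would make both sides agree. Because the digest is the only thing that makes the per-client image name unguessable, I would also key the HMAC with the already imported `sha512` rather than add `crypto/md5`, even though HMAC-MD5 is not known to be forgeable in practice. A doc comment such as `// initrdName derives the per-client initramfs file name from the client address, keyed with loginSalt.` and a MixedCaps name would match Go conventions.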
@ -20,7 +20,7 @@ menu title Welcome {{ .username }} to the EPITA ADvanced LINux administration co
|
|||||||
LABEL challenge
|
LABEL challenge
|
||||||
MENU LABEL ^Enter Challenge
|
MENU LABEL ^Enter Challenge
|
||||||
KERNEL ../bzImage
|
KERNEL ../bzImage
|
||||||
INITRD ../challenge-initrd.img
|
INITRD ../s/{{ .initrd }}.img
|
||||||
APPEND console=tty0 adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }} quiet
|
APPEND console=tty0 adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }} quiet
|
||||||
text help
|
text help
|
||||||
You are currently identified as {{ .username }}.
|
You are currently identified as {{ .username }}.
|
||||||
|
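Review bot: `INITRD ../s/{{ .initrd }}.img` points at a directory named `s`, while the passwd handler in this commit writes the image under `path.Join(tftpDir, "shadows", ...)`. Unless the TFTP root maps `s` to `shadows` through a symlink or server alias not shown here, the challenge entry will request a path that does not exist. The same applies to `initrd tftp://${next-server}/s/{{ .initrd }}.img` in the iPXE template. The per-client image also appears to exist only after a successful passwd upload, so a client that selects this entry earlier no longer has the shared `challenge-initrd.img` to fall back to. A short comment in the template stating that precondition would help whoever debugs a failed boot.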
@ -30,7 +30,7 @@ echo -n Kernel command line: ${}
|
|||||||
read cmdline || goto start
|
read cmdline || goto start
|
||||||
|
|
||||||
kernel tftp://${next-server}/bzImage ${cmdline} adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }}
|
kernel tftp://${next-server}/bzImage ${cmdline} adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }}
|
||||||
initrd tftp://${next-server}/challenge-initrd.img
|
initrd tftp://${next-server}/s/{{ .initrd }}.img
|
||||||
boot || goto failed
|
boot || goto failed
|
||||||
goto start
|
goto start
|
||||||
|
|
||||||
|