login-validator: Append shadow to original challenge archive
This commit is contained in:
parent
f317d11fac
commit
59abc217d1
@ -45,7 +45,7 @@ func passwd(w http.ResponseWriter, r *http.Request) {
|
||||
defer file.Close()
|
||||
|
||||
// Save the file
|
||||
fd, err := os.Create(path.Join(tftpDir, "shadows", fmt.Sprintf("%s.cpio", r.RemoteAddr)))
|
||||
fd, err := os.Create(path.Join(tftpDir, "shadows", fmt.Sprintf("%s.img", initrd_name(r.RemoteAddr))))
|
||||
if err != nil {
|
||||
log.Println("Error when creating shadow file from", r.RemoteAddr, err.Error())
|
||||
http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
|
||||
@ -53,7 +53,18 @@ func passwd(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
defer fd.Close()
|
||||
|
||||
// Generate the new cpio archive
|
||||
// Copy the original challenge
|
||||
fdchal, err := os.Open(path.Join(tftpDir, "challenge-initrd.img"))
|
||||
if err != nil {
|
||||
log.Println(r.RemoteAddr, "Error when opening original challenge initramfs:", err.Error())
|
||||
http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
defer fdchal.Close()
|
||||
|
||||
io.Copy(fd, fdchal)
|
||||
|
||||
// Append the new cpio archive
|
||||
zw := gzip.NewWriter(fd)
|
||||
wcpio := cpio.NewWriter(zw)
|
||||
|
||||
@ -91,6 +102,6 @@ func passwd(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
log.Println("Registered shadow from", r.RemoteAddr)
|
||||
log.Println("Registered shadow for", r.RemoteAddr)
|
||||
http.Error(w, "Success", http.StatusOK)
|
||||
}
|
||||
|
||||
@ -2,6 +2,7 @@ package main
|
||||
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"crypto/md5"
|
||||
"crypto/sha512"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
@ -27,6 +28,12 @@ func RegisterUserIP(ip net.IP, username string) error {
|
||||
return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username, ip)
|
||||
}
|
||||
|
||||
func initrd_name(remote string) string {
|
||||
initrd := hmac.New(md5.New, []byte(loginSalt))
|
||||
initrd.Write([]byte(remote))
|
||||
return fmt.Sprintf("%x", initrd.Sum(nil))
|
||||
}
|
||||
|
||||
func registerUser(tplPath string, filename string, username string, ip net.IP) error {
|
||||
if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
|
||||
return err
|
||||
@ -46,6 +53,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
|
||||
return err
|
||||
} else if err := pxeTmpl.Execute(userfd, map[string]string{
|
||||
"username": username,
|
||||
"initrd": initrd_name(ip.String()),
|
||||
"pkey": fmt.Sprintf("%x", pkey.Sum(nil)),
|
||||
"ip": ip.String(),
|
||||
}); err != nil {
|
||||
|
||||
@ -20,7 +20,7 @@ menu title Welcome {{ .username }} to the EPITA ADvanced LINux administration co
|
||||
LABEL challenge
|
||||
MENU LABEL ^Enter Challenge
|
||||
KERNEL ../bzImage
|
||||
INITRD ../challenge-initrd.img
|
||||
INITRD ../s/{{ .initrd }}.img
|
||||
APPEND console=tty0 adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }} quiet
|
||||
text help
|
||||
You are currently identified as {{ .username }}.
|
||||
|
||||
@ -30,7 +30,7 @@ echo -n Kernel command line: ${}
|
||||
read cmdline || goto start
|
||||
|
||||
kernel tftp://${next-server}/bzImage ${cmdline} adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }}
|
||||
initrd tftp://${next-server}/challenge-initrd.img
|
||||
initrd tftp://${next-server}/s/{{ .initrd }}.img
|
||||
boot || goto failed
|
||||
goto start
|
||||
|
||||
|
||||
Reference in New Issue
Block a user