tokens: use adlin to transmit wg-adlin

2021-02-18 01:14:10 +01:00 · 2021-02-18 01:14:10 +01:00 · 833d3198f2
commit 833d3198f2
parent a4d84a241d
3 changed files with 38 additions and 8 deletions
--- a/challenge.yml
+++ b/challenge.yml
@ -97,8 +97,6 @@ files:
      PrivateKey = $privatekey
      EOF
-      curl -f -d @- http://wg.adlin.nemunai.re:81/register <<EOF >> /etc/wireguard/adlin.conf &&
+      adlin "${publickey}" | curl -f -d @- http://wg.adlin.nemunai.re/register >> /etc/wireguard/adlin.conf &&
-      {"PubKey": "${publickey}"}
+      echo -e "[\\e[01;32m+\\e[0m] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
      EOF
      echo -e "[\\e[01;32m+] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
    mode: "0755"
--- a/pkg/wg-manager/cmd/register.go
+++ b/pkg/wg-manager/cmd/register.go
@ -48,7 +48,6 @@ func init() {
 		log.Fatal(err)
 	}
 	// Calculate public key
 	cmdPubK := exec.Command("wg", "pubkey")
 	cmdPubK.Stdin = bytes.NewReader(outPrvK)
@ -70,7 +69,9 @@ func init() {
 }
 type PubTunnel struct {
-	PubKey []byte
+	Login  string   `json:"login"`
 	PubKey [][]byte `json:"data"`
 	Token  string   `json:"token"`
 }
 func register(w http.ResponseWriter, r *http.Request) {
@ -91,11 +92,24 @@ func register(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	// Validate wg token
 	if j, err := json.Marshal(pt); err != nil {
 		http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
 		return
 	} else if r, err := http.NewRequest("POST", "https://adlin.nemunai.re/wg-step", bytes.NewReader(j)); err != nil {
 		http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
 		return
 	} else if resp, err := http.DefaultClient.Do(r); err == nil {
 		resp.Body.Close()
 	} else {
 		log.Printf("Unable to register wg-step on token-validator:", err)
 	}
 	if next_ip, err := findNextIP(); err != nil {
 		http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusBadRequest)
 		return
 	} else {
-		addWgPeer(pt.PubKey, next_ip)
+		addWgPeer(pt.PubKey[0], next_ip)
 		w.Header().Set("Content-Type", "text/plain")
 		w.Write([]byte(fmt.Sprintf(`# Address=%s/18
--- a/token-validator/challenge.go
+++ b/token-validator/challenge.go
@ -72,6 +72,17 @@ func sslOnly(_ *adlin.Student, r *http.Request) error {
 /* Challenges */
 func challengeOk(s *adlin.Student, t *givenToken, chid int) error {
 	pkey := s.GetPKey()
 	if expectedToken, err := GenerateToken(pkey, 0, []byte(t.Data[0])); err != nil {
 		return err
 	} else if !hmac.Equal(expectedToken, t.token) {
 		return errors.New("This is not the expected token.")
 	} else {
 		return nil
 	}
 }
 func challenge42(s *adlin.Student, t *givenToken, chid int) error {
 	pkey := s.GetPKey()
 	if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil {
@ -257,6 +268,12 @@ func init() {
 			Check:      challengeEMail,
 		},
 		/* wg step */
 		Challenge{
 			Accessible: []func(*adlin.Student, *http.Request) error{noAccessRestriction},
 			Check:      challengeOk,
 		},
 		/* Last : SSH key, see ssh.go:156 in NewKey function */
 		Challenge{
 			Accessible: []func(*adlin.Student, *http.Request) error{noAccess},
@ -270,6 +287,7 @@ func init() {
 	router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6))))
 	router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7))))
 	router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8))))
 	router.POST("/wg-step", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 10))))
 }
 type givenToken struct {