tokens: use adlin to transmit wg-adlin

nemunaire 2021-02-18 01:14:10 +01:00
parent a4d84a241d
commit 833d3198f2
3 changed files with 38 additions and 8 deletions


@ -97,8 +97,6 @@ files:
PrivateKey = $privatekey PrivateKey = $privatekey
EOF EOF
curl -f -d @- http://wg.adlin.nemunai.re:81/register <<EOF >> /etc/wireguard/adlin.conf && adlin "${publickey}" | curl -f -d @- http://wg.adlin.nemunai.re/register >> /etc/wireguard/adlin.conf &&
{"PubKey": "${publickey}"} echo -e "[\\e[01;32m+\\e[0m] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
EOF
echo -e "[\\e[01;32m+] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
mode: "0755" mode: "0755"
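Review bot: The rewritten curl line now pipes the output of `adlin "${publickey}"` into `http://wg.adlin.nemunai.re/register` over plain HTTP; judging by the `PubTunnel` struct in the Go change (`login`, `data`, `token` fields), that payload presumably carries the student's challenge token, so it crosses the network in cleartext and can be replayed by anyone on the path. If the wg endpoint can terminate TLS, the URL should be `https://wg.adlin.nemunai.re/register`; if it cannot, the token should at least be single-use on the validator side and this limitation documented next to the line. The line also lost `<<EOF`/`EOF`, which looks intentional, but a short comment above it such as `# adlin prints the registration JSON (login, pubkey, token) on stdout` would make the new data flow obvious to the next reader of this cloud-init file.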


@ -17,7 +17,7 @@ import (
) )
const ( const (
IFaceName = "wg0" IFaceName = "wg0"
TunnelPort = 12912 TunnelPort = 12912
) )
@ -48,7 +48,6 @@ func init() {
log.Fatal(err) log.Fatal(err)
} }
// Calculate public key // Calculate public key
cmdPubK := exec.Command("wg", "pubkey") cmdPubK := exec.Command("wg", "pubkey")
cmdPubK.Stdin = bytes.NewReader(outPrvK) cmdPubK.Stdin = bytes.NewReader(outPrvK)
@ -70,7 +69,9 @@ func init() {
} }
type PubTunnel struct { type PubTunnel struct {
PubKey []byte Login string `json:"login"`
PubKey [][]byte `json:"data"`
Token string `json:"token"`
} }
func register(w http.ResponseWriter, r *http.Request) { func register(w http.ResponseWriter, r *http.Request) {
@ -91,11 +92,24 @@ func register(w http.ResponseWriter, r *http.Request) {
return return
} }
// Validate wg token
if j, err := json.Marshal(pt); err != nil {
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
return
} else if r, err := http.NewRequest("POST", "https://adlin.nemunai.re/wg-step", bytes.NewReader(j)); err != nil {
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
return
} else if resp, err := http.DefaultClient.Do(r); err == nil {
resp.Body.Close()
} else {
log.Printf("Unable to register wg-step on token-validator:", err)
}
if next_ip, err := findNextIP(); err != nil { if next_ip, err := findNextIP(); err != nil {
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusBadRequest) http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusBadRequest)
return return
} else { } else {
addWgPeer(pt.PubKey, next_ip) addWgPeer(pt.PubKey[0], next_ip)
w.Header().Set("Content-Type", "text/plain") w.Header().Set("Content-Type", "text/plain")
w.Write([]byte(fmt.Sprintf(`# Address=%s/18 w.Write([]byte(fmt.Sprintf(`# Address=%s/18


@ -72,6 +72,17 @@ func sslOnly(_ *adlin.Student, r *http.Request) error {
/* Challenges */ /* Challenges */
func challengeOk(s *adlin.Student, t *givenToken, chid int) error {
pkey := s.GetPKey()
if expectedToken, err := GenerateToken(pkey, 0, []byte(t.Data[0])); err != nil {
return err
} else if !hmac.Equal(expectedToken, t.token) {
return errors.New("This is not the expected token.")
} else {
return nil
}
}
func challenge42(s *adlin.Student, t *givenToken, chid int) error { func challenge42(s *adlin.Student, t *givenToken, chid int) error {
pkey := s.GetPKey() pkey := s.GetPKey()
if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil { if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil {
@ -257,6 +268,12 @@ func init() {
Check: challengeEMail, Check: challengeEMail,
}, },
/* wg step */
Challenge{
Accessible: []func(*adlin.Student, *http.Request) error{noAccessRestriction},
Check: challengeOk,
},
/* Last : SSH key, see ssh.go:156 in NewKey function */ /* Last : SSH key, see ssh.go:156 in NewKey function */
Challenge{ Challenge{
Accessible: []func(*adlin.Student, *http.Request) error{noAccess}, Accessible: []func(*adlin.Student, *http.Request) error{noAccess},
@ -270,6 +287,7 @@ func init() {
router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6)))) router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6))))
router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7)))) router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7))))
router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8)))) router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8))))
router.POST("/wg-step", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 10))))
} }
type givenToken struct { type givenToken struct {
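Review bot: `challengeOk` indexes `t.Data[0]` without checking the slice, so a `/wg-step` body with an empty `data` array panics inside the handler unless `receiveToken` (outside this section) already rejects it; a guard such as `if len(t.Data) == 0 { return errors.New("missing data") }` before the `GenerateToken` call keeps the check self-contained. The function also ignores its `chid` parameter and regenerates the expected token with step `0`, whereas `challenge42` right below uses `chid`; if that is deliberate because the `adlin` client mints the token under step 0, a comment like `// The wg token is minted client-side under step 0, not under this challenge's id.` should say so, otherwise the same token is accepted as proof for any challenge wired to `challengeOk`. The `/wg-step` route is registered with `receiveToken, 10`, so the coupling between that index and the `Challenge{Check: challengeOk}` entry in the second hunk is worth a cross-reference comment, as the other routes have none either.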