tokens: use adlin to transmit wg-adlin
This commit is contained in:
parent
a4d84a241d
commit
833d3198f2
@ -97,8 +97,6 @@ files:
|
|||||||
PrivateKey = $privatekey
|
PrivateKey = $privatekey
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
curl -f -d @- http://wg.adlin.nemunai.re:81/register <<EOF >> /etc/wireguard/adlin.conf &&
|
adlin "${publickey}" | curl -f -d @- http://wg.adlin.nemunai.re/register >> /etc/wireguard/adlin.conf &&
|
||||||
{"PubKey": "${publickey}"}
|
echo -e "[\\e[01;32m+\\e[0m] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
|
||||||
EOF
|
|
||||||
echo -e "[\\e[01;32m+] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
|
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
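Review bot: The new register call still goes over plaintext HTTP (`http://wg.adlin.nemunai.re/register`) while the token validator the server forwards to is reached over HTTPS, and whatever body comes back is appended verbatim to `/etc/wireguard/adlin.conf`, which wg-quick later loads as root (any `PostUp`/`PreUp`/`Endpoint` line an on-path attacker injects would be honoured). Switching the URL to `https://` (or at least verifying the appended block only contains the expected `Address`/`PublicKey`/`Endpoint` keys before writing it) would close that; the token in the piped `adlin` output authenticates the student to the server, not the server to the student. Note also that without `set -o pipefail` the `&&` chain only sees curl's status, so an `adlin` failure that prints nothing still POSTs an empty body and reports success if the server answers 2xx. The escape fix in the success `echo` looks right.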
@ -17,7 +17,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
IFaceName = "wg0"
|
IFaceName = "wg0"
|
||||||
TunnelPort = 12912
|
TunnelPort = 12912
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -48,7 +48,6 @@ func init() {
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Calculate public key
|
// Calculate public key
|
||||||
cmdPubK := exec.Command("wg", "pubkey")
|
cmdPubK := exec.Command("wg", "pubkey")
|
||||||
cmdPubK.Stdin = bytes.NewReader(outPrvK)
|
cmdPubK.Stdin = bytes.NewReader(outPrvK)
|
||||||
@ -70,7 +69,9 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type PubTunnel struct {
|
type PubTunnel struct {
|
||||||
PubKey []byte
|
Login string `json:"login"`
|
||||||
|
PubKey [][]byte `json:"data"`
|
||||||
|
Token string `json:"token"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func register(w http.ResponseWriter, r *http.Request) {
|
func register(w http.ResponseWriter, r *http.Request) {
|
||||||
@ -91,11 +92,24 @@ func register(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate wg token
|
||||||
|
if j, err := json.Marshal(pt); err != nil {
|
||||||
|
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
} else if r, err := http.NewRequest("POST", "https://adlin.nemunai.re/wg-step", bytes.NewReader(j)); err != nil {
|
||||||
|
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
} else if resp, err := http.DefaultClient.Do(r); err == nil {
|
||||||
|
resp.Body.Close()
|
||||||
|
} else {
|
||||||
|
log.Printf("Unable to register wg-step on token-validator:", err)
|
||||||
|
}
|
||||||
|
|
||||||
if next_ip, err := findNextIP(); err != nil {
|
if next_ip, err := findNextIP(); err != nil {
|
||||||
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusBadRequest)
|
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
} else {
|
} else {
|
||||||
addWgPeer(pt.PubKey, next_ip)
|
addWgPeer(pt.PubKey[0], next_ip)
|
||||||
|
|
||||||
w.Header().Set("Content-Type", "text/plain")
|
w.Header().Set("Content-Type", "text/plain")
|
||||||
w.Write([]byte(fmt.Sprintf(`# Address=%s/18
|
w.Write([]byte(fmt.Sprintf(`# Address=%s/18
|
||||||
|
@ -72,6 +72,17 @@ func sslOnly(_ *adlin.Student, r *http.Request) error {
|
|||||||
|
|
||||||
/* Challenges */
|
/* Challenges */
|
||||||
|
|
||||||
|
func challengeOk(s *adlin.Student, t *givenToken, chid int) error {
|
||||||
|
pkey := s.GetPKey()
|
||||||
|
if expectedToken, err := GenerateToken(pkey, 0, []byte(t.Data[0])); err != nil {
|
||||||
|
return err
|
||||||
|
} else if !hmac.Equal(expectedToken, t.token) {
|
||||||
|
return errors.New("This is not the expected token.")
|
||||||
|
} else {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func challenge42(s *adlin.Student, t *givenToken, chid int) error {
|
func challenge42(s *adlin.Student, t *givenToken, chid int) error {
|
||||||
pkey := s.GetPKey()
|
pkey := s.GetPKey()
|
||||||
if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil {
|
if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil {
|
||||||
@ -257,6 +268,12 @@ func init() {
|
|||||||
Check: challengeEMail,
|
Check: challengeEMail,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
/* wg step */
|
||||||
|
Challenge{
|
||||||
|
Accessible: []func(*adlin.Student, *http.Request) error{noAccessRestriction},
|
||||||
|
Check: challengeOk,
|
||||||
|
},
|
||||||
|
|
||||||
/* Last : SSH key, see ssh.go:156 in NewKey function */
|
/* Last : SSH key, see ssh.go:156 in NewKey function */
|
||||||
Challenge{
|
Challenge{
|
||||||
Accessible: []func(*adlin.Student, *http.Request) error{noAccess},
|
Accessible: []func(*adlin.Student, *http.Request) error{noAccess},
|
||||||
@ -270,6 +287,7 @@ func init() {
|
|||||||
router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6))))
|
router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6))))
|
||||||
router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7))))
|
router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7))))
|
||||||
router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8))))
|
router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8))))
|
||||||
|
router.POST("/wg-step", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 10))))
|
||||||
}
|
}
|
||||||
|
|
||||||
type givenToken struct {
|
type givenToken struct {
|
||||||
|
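Review bot: `challengeOk` reads `t.Data[0]` before anything has checked that a `data` element was actually received, so a POST to /wg-step with `"data": []` (or no data field) panics inside the handler instead of being rejected; add `if len(t.Data) < 1 { return errors.New("missing public key in token data") }` ahead of the GenerateToken call. The `chid` parameter is ignored in favour of a literal `0`, unlike challenge42 directly below which passes `chid`; if binding the token to challenge id 0 is deliberate (so it matches what the adlin CLI mints), a one-line comment such as `// chid 0 on purpose: the CLI-issued wg token is not challenge-specific` would stop the next reader from "fixing" it. Using hmac.Equal for the comparison is the right choice.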