teach/adlin
Archived
0
0
Fork 0
Code Issues 1 Pull Requests 4 Releases Activity

login-validator: handle iPXE tpl

Browse Source
This commit is contained in:
nemunaire 2019-02-26 12:34:31 +01:00
parent fdb66fcac1
commit e08c9306da
2 changed files with 32 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
pkg/login-validator/cmd/login.go
View File

@ -9,14 +9,10 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"io/ioutil"
"log" "log"
"net" "net"
"net/http" "net/http"
"os"
"path"
"strings" "strings"
"text/template"
"time" "time"
"gopkg.in/ldap.v2" "gopkg.in/ldap.v2"
@ -156,30 +152,35 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
// Find corresponding MAC // Find corresponding MAC
var fname string var ip net.IP
spl := strings.SplitN(r.RemoteAddr, ":", 2) spl := strings.SplitN(r.RemoteAddr, ":", 2)
if ip := net.ParseIP(spl[0]); ip == nil { if ip = net.ParseIP(spl[0]); ip == nil {
http.Error(w, "Unable to parse given IPv4: " + spl[0], http.StatusInternalServerError) http.Error(w, "Unable to parse given IPv4: " + spl[0], http.StatusInternalServerError)
return return
} else if arptable, err := ARPAnalyze(); err != nil { }
http.Error(w, err.Error(), http.StatusInternalServerError) var mac *ARPEntry
return if tab, err := ARPAnalyze(); err != nil {
} else if arpent := ARPContainsIP(arptable, ip); arpent == nil { log.Println("Error on ARPAnalyze:", err)
http.Error(w, "Unable to find MAC in ARP table", http.StatusInternalServerError) http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
return return
} else { } else {
fname = fmt.Sprintf("%02x-%02x-%02x-%02x-%02x-%02x-%02x", arpent.HWType, arpent.HWAddress[0], arpent.HWAddress[1], arpent.HWAddress[2], arpent.HWAddress[3], arpent.HWAddress[4], arpent.HWAddress[5]) mac = ARPContainsIP(tab, ip)
}
if mac == nil {
log.Printf("Unable to find MAC address for given IP (%s)\n", ip)
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
} }
// Register the user remotely // Register the user remotely
if err := l.registerUser(lu.Username, r.RemoteAddr, fname); err != nil { if err := l.registerUser(lu.Username, r.RemoteAddr, *mac); err != nil {
log.Println("Error on remote registration:", err) log.Println("Error on remote registration:", err)
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError) http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
return return
} }
// Generate PXE file // Generate PXE file
if err := l.lateLoginAction(lu.Username, r.RemoteAddr, fname); err != nil { if err := l.lateLoginAction(lu.Username, r.RemoteAddr, *mac); err != nil {
log.Println("Error on late login action:", err) log.Println("Error on late login action:", err)
http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError) http.Error(w, "Internal server error. Please retry in a few minutes", http.StatusInternalServerError)
return return
@ -189,8 +190,8 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
http.Error(w, "Success", http.StatusOK) http.Error(w, "Success", http.StatusOK)
} }
func (l loginChecker) registerUser(username, remoteAddr, mac string) error { func (l loginChecker) registerUser(username, remoteAddr string, ent ARPEntry) error {
bts, err := json.Marshal(map[string]interface{}{"login": username, "ip": remoteAddr, "mac": mac}) bts, err := json.Marshal(map[string]interface{}{"login": username, "ip": remoteAddr, "mac": fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x", ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5])})
if err != nil { if err != nil {
return nil return nil
} }
@ -215,22 +216,6 @@ func (l loginChecker) registerUser(username, remoteAddr, mac string) error {
} }
} }
func (l loginChecker) lateLoginAction(username, remoteAddr, fname string) error { func (l loginChecker) lateLoginAction(username, remoteAddr string, mac ARPEntry) error {
if tpl, err := ioutil.ReadFile(path.Join(tftpDir, "pxelinux.cfg", "tpl")); err != nil { return RegisterUserMAC(mac, username)
log.Println("Unable to open tpl: ", err)
} else if file, err := os.OpenFile(path.Join(tftpDir, "pxelinux.cfg", fname), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(0644)); err != nil {
log.Println("Unable to open destination file: ", err)
} else {
defer file.Close()
mac := hmac.New(sha512.New512_224, []byte(loginSalt))
if configTmpl, err := template.New("pxelinux.cfg").Parse(string(tpl)); err != nil {
log.Println("Cannot create template: ", err)
} else if err := configTmpl.Execute(file, map[string]string{"username": username, "remoteAddr": remoteAddr, "pkey": fmt.Sprintf("%x", mac.Sum([]byte(username))), "fname": fname}); err != nil {
log.Println("An error occurs during template execution: ", err)
}
}
return nil
} }

23
pkg/login-validator/cmd/pxetpl.go
View File

@ -1,7 +1,8 @@
package main package main
import ( import (
"errors" "crypto/hmac"
"crypto/sha512"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net" "net"
@ -11,32 +12,34 @@ import (
) )
const pxeUserTplPath = "pxelinux.cfg/tpl" const pxeUserTplPath = "pxelinux.cfg/tpl"
const ipxeUserTplPath = "pxelinux.cfg/tpl.ipxe"
const pxeUserPath = "pxelinux.cfg" const pxeUserPath = "pxelinux.cfg"
func RegisterUserMAC(ip net.IP, username string) error { func RegisterUserMAC(ent ARPEntry, username string) error {
if tab, err := ARPAnalyze(); err != nil { if err := registerUser(ipxeUserTplPath, fmt.Sprintf("%02x:%02x:%02x:%02x:%02x:%02x.ipxe", ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username); err != nil {
return err return err
} else if ent := ARPContainsIP(tab, ip); ent == nil {
return errors.New(fmt.Sprintf("Unable to find MAC address for given IP (%s)", ip))
} else { } else {
return registerUser(fmt.Sprintf("%02X-%02X-%02X-%02X-%02X-%02X-%02X", ent.HWType, ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username) return registerUser(pxeUserTplPath, fmt.Sprintf("%02x-%02x-%02x-%02x-%02x-%02x-%02x", ent.HWType, ent.HWAddress[0], ent.HWAddress[1], ent.HWAddress[2], ent.HWAddress[3], ent.HWAddress[4], ent.HWAddress[5]), username)
} }
} }
func RegisterUserIP(ip net.IP, username string) error { func RegisterUserIP(ip net.IP, username string) error {
return registerUser(fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username) return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username)
} }
func registerUser(filename string, username string) error { func registerUser(tplPath string, filename string, username string) error {
if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, pxeUserTplPath)); err != nil { if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
return err return err
} else if userfd, err := os.OpenFile(path.Join(tftpDir, pxeUserPath, filename), os.O_RDWR|os.O_CREATE, 0644); err != nil { } else if userfd, err := os.OpenFile(path.Join(tftpDir, pxeUserPath, filename), os.O_RDWR|os.O_CREATE, 0644); err != nil {
return err return err
} else { } else {
defer userfd.Close() defer userfd.Close()
pkey := hmac.New(sha512.New512_224, []byte(loginSalt))
if pxeTmpl, err := template.New("pxeUser").Parse(string(pxeTplCnt)); err != nil { if pxeTmpl, err := template.New("pxeUser").Parse(string(pxeTplCnt)); err != nil {
return err return err
} else if err := pxeTmpl.Execute(userfd, map[string]string{"username": username}); err != nil { } else if err := pxeTmpl.Execute(userfd, map[string]string{"username": username, "pkey": fmt.Sprintf("%x", pkey.Sum([]byte(username)))}); err != nil {
return err return err
} }
} }