adlin: Pass SharedSecret in env

2022-02-19 11:52:09 +01:00 · 2022-02-19 11:52:09 +01:00 · e8f58bad8d
parent e39586338e
commit e8f58bad8d
4 changed files with 11 additions and 4 deletions
--- a/libadlin/secret.go
+++ b/libadlin/secret.go
@ -1,3 +1,3 @@
 package adlin

-var SharedSecret string
+var SharedSecret string = "adelina"
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@ -16,7 +16,7 @@ import (
 )

 var (
-	loginSalt string
+	loginSalt string = "adelina"
 	justLogin bool
 )

--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
@ -18,13 +18,17 @@ var tftpDir string
 func main() {
 	var studentsFile string

+	if v, exists := os.LookupEnv("ADLIN_SHARED_SECRET"); exists {
+		loginSalt = v
+	}
+
 	flag.BoolVar(&justLogin, "just-login", justLogin, "Don't perform MAC assignation and remote registration")

 	var bind = flag.String("bind", ":8081", "Bind port/socket")
 	flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
 	flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")
 	flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
-	flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
+	flag.StringVar(&loginSalt, "loginsalt", loginSalt, "secret used in login HMAC")

 	var auth = flag.String("auth", "none", "Auth method: none, fwd, ldap, krb5")

--- a/token-validator/main.go
+++ b/token-validator/main.go
@ -73,6 +73,9 @@ func main() {
 	if v, exists := os.LookupEnv("ADLIN_TSIG_SECRET"); exists {
 		tsigSecret = v
 	}
+	if v, exists := os.LookupEnv("ADLIN_SHARED_SECRET"); exists {
+		adlin.SharedSecret = v
+	}
 	if v, exists := os.LookupEnv("ADLIN_COLLECTOR_SECRET"); !exists {
 		log.Fatal("Please define ADLIN_COLLECTOR_SECRET environment variable")
 	} else if t, err := base64.StdEncoding.DecodeString(v); err != nil {
@ -84,7 +87,7 @@ func main() {
 	var bind = flag.String("bind", ":8081", "Bind port/socket")
 	var dsn = flag.String("dsn", adlin.DSNGenerator(), "DSN to connect to the MySQL server")
 	flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
-	flag.StringVar(&adlin.SharedSecret, "sharedsecret", "adelina", "secret used to communicate with remote validator")
+	flag.StringVar(&adlin.SharedSecret, "sharedsecret", adlin.SharedSecret, "secret used to communicate with remote validator")
 	flag.StringVar(&AuthorizedKeysLocation, "authorizedkeyslocation", AuthorizedKeysLocation, "File for allowing user to SSH to the machine")
 	flag.StringVar(&SshPiperLocation, "sshPiperLocation", SshPiperLocation, "Directory containing directories for sshpiperd")
 	flag.StringVar(&ControlSocket, "ns-host", ControlSocket, "Host:port of the nameserver to use")