diff --git a/Makefile b/Makefile
index 5b2d5f6..fdd1d8e 100644
--- a/Makefile
+++ b/Makefile
@@ -37,14 +37,6 @@ pkg/login-validator: pkg/login-validator/cmd/login.go pkg/login-validator/cmd/ma
 	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/login-validator/
 	touch pkg/login-validator
 
-pkg/minichecker: pkg/minichecker/build.yml pkg/minichecker/cmd/main.go pkg/minichecker/cmd/adlin.token pkg/minichecker/cmd/adlin.conf pkg/minichecker/cmd/checker.go pkg/minichecker/cmd/encode.go pkg/minichecker/cmd/wg.go pkg/minichecker/Dockerfile
-	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/minichecker/
-	touch pkg/minichecker
-
-pkg/resolver: pkg/resolver/build.yml pkg/resolver/docker-entrypoint.sh pkg/resolver/Dockerfile
-	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/resolver/
-	touch pkg/resolver
-
 pkg/monit: pkg/monit/build.yml pkg/monit/Dockerfile
 	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/monit/
 	touch pkg/monit
@@ -85,7 +77,7 @@ pkg/tinydeb: pkg/tinydeb/sshd_config pkg/tinydeb/gai.conf pkg/tinydeb/build.yml
 	touch pkg/tinydeb
 
 pkg/nsd: pkg/nsd/sshd_config pkg/nsd/build.yml pkg/nsd/init pkg/nsd/Dockerfile
-	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/nsd/
+	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tinydeb/
 	touch pkg/nsd
 
 tuto2-kernel: tuto2.yml
@@ -117,7 +109,7 @@ tuto3-initrd.img: tuto3.yml
 tuto3-cmdline: tuto3.yml
 	$(LINUXKIT) build -docker $<
 
-tuto3.iso: tuto3.yml pkg/debian-tuto3 pkg/router-tuto3 pkg/minichecker pkg/tinydeb pkg/resolver pkg/nsd
+tuto3.iso: tuto3.yml pkg/debian-tuto3 pkg/router-tuto3 pkg/tinydeb pkg/unbound pkg/nsd
 	$(LINUXKIT) build -docker -format iso-bios $<
 
 
diff --git a/pkg/resolver/build.yml b/pkg/resolver/build.yml
index e8314fe..74febfd 100644
--- a/pkg/resolver/build.yml
+++ b/pkg/resolver/build.yml
@@ -1,4 +1,4 @@
-image: resolver
+image: unbound
 network: true
 arches:
 - x86_64
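Review bot: In the second Makefile hunk the recipe under the `pkg/nsd` target now runs `linuxkit pkg build` on `pkg/tinydeb/` while the stamp line still does `touch pkg/nsd`, so `make pkg/nsd` rebuilds the tinydeb image and then marks nsd as up to date without ever building it, and `tuto3.iso` gets assembled against a stale or missing nsd image. This reads like a copy-paste slip from the `pkg/tinydeb` rule just above; the line should remain `$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/nsd/`. The stamp-file pattern masks the problem because `touch` succeeds no matter which package was built, so it is worth a comment on these stamp rules such as `# stamp: the recipe must build the package named by $@`.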
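Review bot: In the third Makefile hunk `tuto3.iso` now depends on `pkg/unbound`, but the first hunk removes the `pkg/resolver` rule and nothing in this diff adds a `pkg/unbound` rule; only the `image:` field inside `pkg/resolver/build.yml` is renamed to `unbound`, the directory itself stays `pkg/resolver`. Unless a `pkg/unbound` rule or directory exists outside this diff, `make tuto3.iso` will fail with "No rule to make target 'pkg/unbound'", and if a plain directory of that name does exist, make will treat it as an always-satisfied prerequisite and the resolver image will never be rebuilt when its Dockerfile changes. Either keep a stamp rule for the directory that actually holds the build, `pkg/resolver: pkg/resolver/build.yml pkg/resolver/docker-entrypoint.sh pkg/resolver/Dockerfile` with the existing recipe, and list `pkg/resolver` in `tuto3.iso`, or move the sources to `pkg/unbound/` and add the matching rule.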
diff --git a/pkg/router-tuto3/Dockerfile b/pkg/router-tuto3/Dockerfile
index 65760e3..942dd1b 100644
--- a/pkg/router-tuto3/Dockerfile
+++ b/pkg/router-tuto3/Dockerfile
@@ -1,4 +1,4 @@
-FROM openwrtorg/rootfs:x86-64-21.02.2
+FROM openwrtorg/rootfs:x86-64-19.07.7
 
 RUN mkdir -p /var/lock/ && opkg update && opkg install \
 	bind-dig \
@@ -6,9 +6,9 @@ RUN mkdir -p /var/lock/ && opkg update && opkg install \
 	ethtool \
 	luci-proto-wireguard \
 	nano \
-	msmtp \
-	python3 \
+	ssmtp \
+	python \
 	tcpdump \
-	&& rm /etc/resolv.conf \
 	&& rm -rf /var/lock \
-	&& rm -rf /etc/ssh/ssh_host_*_key*
+	&& rm -rf /etc/ssh/ssh_host_*_key* \
+	&& echo "alias ip='ip -c'" >> /etc/profile
diff --git a/pkg/tinydeb/Dockerfile b/pkg/tinydeb/Dockerfile
index 95cb4b4..4a105c7 100644
--- a/pkg/tinydeb/Dockerfile
+++ b/pkg/tinydeb/Dockerfile
@@ -4,8 +4,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
 	busybox \
 	nano \
 	openssh-server \
-	python3 \
-	python3-apt \
+	python \
+	python-apt \
 	systemd-sysv \
 	vim.tiny \
 	&& rm -rf /var/lib/apt/lists/* \
diff --git a/token-validator/remote-challenge.go b/token-validator/remote-challenge.go
deleted file mode 100644
index 91dfb4c..0000000
--- a/token-validator/remote-challenge.go
+++ /dev/null
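Review bot: The new `FROM openwrtorg/rootfs:x86-64-19.07.7` pins an older OpenWrt release than the `21.02.2` it replaces, and the second hunk of this file (together with the `pkg/tinydeb/Dockerfile` hunk) moves from `python3` to `python` and from `msmtp` to `ssmtp`; Python 2 is end-of-life and ssmtp is, as far as I know, no longer maintained upstream, so these images will stop receiving fixes for the components the tutorial ships. If the downgrade is required for compatibility with the rest of the material, record the reason next to the FROM line, e.g. `# pinned to 19.07: <reason>; 21.02 breaks <what>`, so the pin is revisited instead of carried forward silently. The second hunk also drops `&& rm /etc/resolv.conf \`; if that file is now intended to survive in the image, a one-line comment saying so would help, since the rest of the chain still scrubs `/var/lock` and the SSH host keys.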
@@ -1,123 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"crypto/ed25519"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"log"
-	"net/http"
-	"time"
-
-	"github.com/julienschmidt/httprouter"
-
-	"git.nemunai.re/srs/adlin/libadlin"
-)
-
-func init() {
-	router.POST("/remote", rawHandler(responseHandler(remoteChallHandler(receiveRemoteChallenge))))
-}
-
-type SendMeta struct {
-	Time time.Time `json:"time"`
-	Login string `json:"login"`
-	Test string `json:"test"`
-}
-
-type SendContent struct {
-	Meta []byte `json:"meta"`
-	Data []byte `json:"data"`
-	Sign []byte `json:"sign"`
-	Key []byte `json:"key"`
-	KeySign []byte `json:"keysign"`
-}
-
-func remoteChallHandler(f func(*http.Request, *adlin.Student, SendContent) (interface{}, error)) func(*http.Request, httprouter.Params, []byte) (interface{}, error) {
-	return func(r *http.Request, ps httprouter.Params, body []byte) (v interface{}, err error) {
-		var data SendContent
-		err = json.Unmarshal(body, &data)
-		if err != nil {
-			return
-		}
-
-		// Check signatures
-		if !ed25519.Verify(adlin.GetCollectorPublic(), data.Key, data.KeySign) {
-			return nil, fmt.Errorf("Bad KSK signature")
-		}
-
-		if !ed25519.Verify(data.Key, append(data.Meta, data.Data...), data.Sign) {
-			return nil, fmt.Errorf("Bad DSK signature")
-		}
-
-		var meta SendMeta
-		err = json.NewDecoder(base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data.Meta))).Decode(&meta)
-		if err != nil {
-			return
-		}
-
-		// Find pubkeys associated with login
-		var std *adlin.Student
-		std, err = adlin.GetStudentByLogin(string(meta.Login))
-		if err != nil {
-			return
-		}
-
-		var tps []ed25519.PublicKey
-		tps, err = std.GetActivesTunnelsPubKey()
-		if err != nil {
-			return
-		}
-
-		// Check signature
-		found := false
-		for _, pubk := range tps {
-			if pubk.Equal(ed25519.PublicKey(data.Key)) {
-				found = true
-				break
-			}
-		}
-
-		if !found {
-			return nil, fmt.Errorf("Unable to find key for user")
-		}
-
-		return f(r, std, data)
-	}
-}
-
-func receiveRemoteChallenge(r
*http.Request, std *adlin.Student, data SendContent) (interface{}, error) {
-	var tests map[string]*string
-	err := json.NewDecoder(base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data.Data))).Decode(&tests)
-	if err != nil {
-		return nil, err
-	}
-
-	for k, v := range tests {
-		var chalid int
-		switch k {
-		case "wks-cm1":
-			chalid = 210
-		case "wks-dg1":
-			chalid = 209
-		case "wks-rh1":
-			chalid = 208
-		case "wks-rh2":
-			chalid = 208
-		}
-
-		if chalid != 0 {
-			if v == nil {
-				if _, err := std.UnlockChallenge(chalid, ""); err != nil {
-					log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
-				}
-			} else if errreg := std.RegisterChallengeError(chalid, errors.New(*v)); errreg != nil {
-				log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
-			}
-
-		}
-	}
-
-	return true, err
-}