Makefile

@@ -37,14 +37,6 @@ pkg/login-validator: pkg/login-validator/cmd/login.go pkg/login-validator/cmd/ma
 	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/login-validator/
 	touch pkg/login-validator
 
-pkg/minichecker: pkg/minichecker/build.yml pkg/minichecker/cmd/main.go pkg/minichecker/cmd/adlin.token pkg/minichecker/cmd/adlin.conf pkg/minichecker/cmd/checker.go pkg/minichecker/cmd/encode.go pkg/minichecker/cmd/wg.go pkg/minichecker/Dockerfile
-	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/minichecker/
-	touch pkg/minichecker
-
-pkg/resolver: pkg/resolver/build.yml pkg/resolver/docker-entrypoint.sh pkg/resolver/Dockerfile
-	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/resolver/
-	touch pkg/resolver
-
 pkg/monit: pkg/monit/build.yml pkg/monit/Dockerfile
 	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/monit/
 	touch pkg/monit
@@ -85,7 +77,7 @@ pkg/tinydeb: pkg/tinydeb/sshd_config pkg/tinydeb/gai.conf pkg/tinydeb/build.yml
 	touch pkg/tinydeb
 
 pkg/nsd: pkg/nsd/sshd_config pkg/nsd/build.yml pkg/nsd/init pkg/nsd/Dockerfile
-	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/nsd/
+	$(LINUXKIT) pkg build --platforms linux/amd64 -org nemunaire pkg/tinydeb/
 	touch pkg/nsd
 
 tuto2-kernel: tuto2.yml
@@ -117,7 +109,7 @@ tuto3-initrd.img: tuto3.yml
 tuto3-cmdline: tuto3.yml
 	$(LINUXKIT) build -docker $<
 
-tuto3.iso: tuto3.yml pkg/debian-tuto3 pkg/router-tuto3 pkg/minichecker pkg/tinydeb pkg/resolver pkg/nsd
+tuto3.iso: tuto3.yml pkg/debian-tuto3 pkg/router-tuto3 pkg/tinydeb pkg/unbound pkg/nsd
 	$(LINUXKIT) build -docker -format iso-bios $<
 
 

pkg/resolver/build.yml

@@ -1,4 +1,4 @@
-image: resolver
+image: unbound
 network: true
 arches:
 - x86_64

pkg/router-tuto3/Dockerfile

@@ -1,4 +1,4 @@
-FROM openwrtorg/rootfs:x86-64-21.02.2
+FROM openwrtorg/rootfs:x86-64-19.07.7
 
 RUN mkdir -p /var/lock/ && opkg update && opkg install \
     bind-dig \
@@ -6,9 +6,9 @@ RUN mkdir -p /var/lock/ && opkg update && opkg install \
     ethtool \
     luci-proto-wireguard \
     nano \
-    msmtp \
-    python3 \
+    ssmtp \
+    python \
     tcpdump \
-  && rm /etc/resolv.conf \
   && rm -rf /var/lock \
-  && rm -rf /etc/ssh/ssh_host_*_key*
+  && rm -rf /etc/ssh/ssh_host_*_key* \
+  && echo "alias ip='ip -c'" >> /etc/profile

pkg/tinydeb/Dockerfile

@@ -4,8 +4,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
     busybox \
     nano \
     openssh-server \
-    python3 \
-    python3-apt \
+    python \
+    python-apt \
     systemd-sysv \
     vim.tiny \
   && rm -rf /var/lib/apt/lists/* \

token-validator/remote-challenge.go

@@ -1,123 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"crypto/ed25519"
-	"encoding/base64"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"log"
-	"net/http"
-	"time"
-
-	"github.com/julienschmidt/httprouter"
-
-	"git.nemunai.re/srs/adlin/libadlin"
-)
-
-func init() {
-	router.POST("/remote", rawHandler(responseHandler(remoteChallHandler(receiveRemoteChallenge))))
-}
-
-type SendMeta struct {
-	Time  time.Time `json:"time"`
-	Login string    `json:"login"`
-	Test  string    `json:"test"`
-}
-
-type SendContent struct {
-	Meta    []byte `json:"meta"`
-	Data    []byte `json:"data"`
-	Sign    []byte `json:"sign"`
-	Key     []byte `json:"key"`
-	KeySign []byte `json:"keysign"`
-}
-
-func remoteChallHandler(f func(*http.Request, *adlin.Student, SendContent) (interface{}, error)) func(*http.Request, httprouter.Params, []byte) (interface{}, error) {
-	return func(r *http.Request, ps httprouter.Params, body []byte) (v interface{}, err error) {
-		var data SendContent
-		err = json.Unmarshal(body, &data)
-		if err != nil {
-			return
-		}
-
-		// Check signatures
-		if !ed25519.Verify(adlin.GetCollectorPublic(), data.Key, data.KeySign) {
-			return nil, fmt.Errorf("Bad KSK signature")
-		}
-
-		if !ed25519.Verify(data.Key, append(data.Meta, data.Data...), data.Sign) {
-			return nil, fmt.Errorf("Bad DSK signature")
-		}
-
-		var meta SendMeta
-		err = json.NewDecoder(base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data.Meta))).Decode(&meta)
-		if err != nil {
-			return
-		}
-
-		// Find pubkeys associated with login
-		var std *adlin.Student
-		std, err = adlin.GetStudentByLogin(string(meta.Login))
-		if err != nil {
-			return
-		}
-
-		var tps []ed25519.PublicKey
-		tps, err = std.GetActivesTunnelsPubKey()
-		if err != nil {
-			return
-		}
-
-		// Check signature
-		found := false
-		for _, pubk := range tps {
-			if pubk.Equal(ed25519.PublicKey(data.Key)) {
-				found = true
-				break
-			}
-		}
-
-		if !found {
-			return nil, fmt.Errorf("Unable to find key for user")
-		}
-
-		return f(r, std, data)
-	}
-}
-
-func receiveRemoteChallenge(r *http.Request, std *adlin.Student, data SendContent) (interface{}, error) {
-	var tests map[string]*string
-	err := json.NewDecoder(base64.NewDecoder(base64.StdEncoding, bytes.NewBuffer(data.Data))).Decode(&tests)
-	if err != nil {
-		return nil, err
-	}
-
-	for k, v := range tests {
-		var chalid int
-		switch k {
-		case "wks-cm1":
-			chalid = 210
-		case "wks-dg1":
-			chalid = 209
-		case "wks-rh1":
-			chalid = 208
-		case "wks-rh2":
-			chalid = 208
-		}
-
-		if chalid != 0 {
-			if v == nil {
-				if _, err := std.UnlockChallenge(chalid, ""); err != nil {
-					log.Printf("Unable to register challenge for %s: %s\n", std.Login, err.Error())
-				}
-			} else if errreg := std.RegisterChallengeError(chalid, errors.New(*v)); errreg != nil {
-				log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
-			}
-
-		}
-	}
-
-	return true, err
-}