login-validator: Append shadow to original challenge archive

2022-02-26 21:57:15 +01:00 · 2022-02-26 21:57:15 +01:00 · 59abc217d1
parent f317d11fac
commit 59abc217d1
4 changed files with 24 additions and 5 deletions
--- a/pkg/login-validator/cmd/passwd.go
+++ b/pkg/login-validator/cmd/passwd.go
@ -45,7 +45,7 @@ func passwd(w http.ResponseWriter, r *http.Request) {
 	defer file.Close()

 	// Save the file
-	fd, err := os.Create(path.Join(tftpDir, "shadows", fmt.Sprintf("%s.cpio", r.RemoteAddr)))
+	fd, err := os.Create(path.Join(tftpDir, "shadows", fmt.Sprintf("%s.img", initrd_name(r.RemoteAddr))))
 	if err != nil {
 		log.Println("Error when creating shadow file from", r.RemoteAddr, err.Error())
 		http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
@ -53,7 +53,18 @@ func passwd(w http.ResponseWriter, r *http.Request) {
 	}
 	defer fd.Close()

-	// Generate the new cpio archive
+	// Copy the original challenge
+	fdchal, err := os.Open(path.Join(tftpDir, "challenge-initrd.img"))
+	if err != nil {
+		log.Println(r.RemoteAddr, "Error when opening original challenge initramfs:", err.Error())
+		http.Error(w, "Unable to treat your passwd file, please try again later", http.StatusInternalServerError)
+		return
+	}
+	defer fdchal.Close()
+
+	io.Copy(fd, fdchal)
+
+	// Append the new cpio archive
 	zw := gzip.NewWriter(fd)
 	wcpio := cpio.NewWriter(zw)

@ -91,6 +102,6 @@ func passwd(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	log.Println("Registered shadow from", r.RemoteAddr)
+	log.Println("Registered shadow for", r.RemoteAddr)
 	http.Error(w, "Success", http.StatusOK)
 }
--- a/pkg/login-validator/cmd/pxetpl.go
+++ b/pkg/login-validator/cmd/pxetpl.go
@ -2,6 +2,7 @@ package main

 import (
 	"crypto/hmac"
+	"crypto/md5"
 	"crypto/sha512"
 	"fmt"
 	"io/ioutil"
@ -27,6 +28,12 @@ func RegisterUserIP(ip net.IP, username string) error {
 	return registerUser(pxeUserTplPath, fmt.Sprintf("%02X%02X%02X%02X", ip.To4()[0], ip.To4()[1], ip.To4()[2], ip.To4()[3]), username, ip)
 }

+func initrd_name(remote string) string {
+	initrd := hmac.New(md5.New, []byte(loginSalt))
+	initrd.Write([]byte(remote))
+	return fmt.Sprintf("%x", initrd.Sum(nil))
+}
+
 func registerUser(tplPath string, filename string, username string, ip net.IP) error {
 	if pxeTplCnt, err := ioutil.ReadFile(path.Join(tftpDir, tplPath)); err != nil {
 		return err
@ -46,6 +53,7 @@ func registerUser(tplPath string, filename string, username string, ip net.IP) e
 			return err
 		} else if err := pxeTmpl.Execute(userfd, map[string]string{
 			"username": username,
+			"initrd":   initrd_name(ip.String()),
 			"pkey":     fmt.Sprintf("%x", pkey.Sum(nil)),
 			"ip":       ip.String(),
 		}); err != nil {
--- a/tftp/pxelinux.cfg/tpl
+++ b/tftp/pxelinux.cfg/tpl
@ -20,7 +20,7 @@ menu title Welcome {{ .username }} to the EPITA ADvanced LINux administration co
 LABEL challenge
  MENU LABEL ^Enter Challenge
  KERNEL ../bzImage
-  INITRD ../challenge-initrd.img
+  INITRD ../s/{{ .initrd }}.img
  APPEND console=tty0 adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }} quiet
  text help
          You are currently identified as {{ .username }}.
--- a/tftp/pxelinux.cfg/tpl.ipxe
+++ b/tftp/pxelinux.cfg/tpl.ipxe
@ -30,7 +30,7 @@ echo -n Kernel command line: ${}
 read cmdline || goto start

 kernel tftp://${next-server}/bzImage ${cmdline} adlin.login={{ .username }} adlin.key={{ .pkey }} adlin.ip={{ .ip }}
-initrd tftp://${next-server}/challenge-initrd.img
+initrd tftp://${next-server}/s/{{ .initrd }}.img
 boot || goto failed
 goto start