tokens: use adlin to transmit wg-adlin
parent
a4d84a241d
commit
833d3198f2
@ -97,8 +97,6 @@ files:
|
||||
PrivateKey = $privatekey
|
||||
EOF
|
||||
|
||||
curl -f -d @- http://wg.adlin.nemunai.re:81/register <<EOF >> /etc/wireguard/adlin.conf &&
|
||||
{"PubKey": "${publickey}"}
|
||||
EOF
|
||||
echo -e "[\\e[01;32m+] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
|
||||
adlin "${publickey}" | curl -f -d @- http://wg.adlin.nemunai.re/register >> /etc/wireguard/adlin.conf &&
|
||||
echo -e "[\\e[01;32m+\\e[0m] \\e[01;32mSuccess.\\e[0m Tunnel configuration written to \\e[01m/etc/wireguard/adlin.conf\\e[0m; you have to use the address: \\e[01m$(grep Address= /etc/wireguard/adlin.conf | sed -r 's/^.*=(.*)$/\1/')\\e[0m" || echo -e "[\\e[01;31m-\\e[0m] \\e[01;31mFailure\\e[0m"
|
||||
mode: "0755"
|
||||
|
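Review bot: The new `adlin "${publickey}" | curl -f -d @- http://wg.adlin.nemunai.re/register >> /etc/wireguard/adlin.conf` line reports only curl's exit status, so a failing `adlin` (missing binary, bad key) is masked and curl posts whatever arrived on stdin; the trailing `&&` sees curl's verdict alone. Because the response is appended straight into the config with `>>`, a short or unexpected body still lands in `/etc/wireguard/adlin.conf`; writing the reply to a temporary file and appending it only after the request succeeded (plus `set -o pipefail` if this runs under bash — the interpreter line is outside the hunk) would close both gaps. The request body, which presumably now carries the token the server expects, travels over cleartext HTTP while the server side of this same commit talks to `https://adlin.nemunai.re/wg-step`; if the register endpoint can serve TLS, `https://` here would be the matching choice.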
@ -17,7 +17,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
IFaceName = "wg0"
|
||||
IFaceName = "wg0"
|
||||
TunnelPort = 12912
|
||||
)
|
||||
|
||||
@ -48,7 +48,6 @@ func init() {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
|
||||
// Calculate public key
|
||||
cmdPubK := exec.Command("wg", "pubkey")
|
||||
cmdPubK.Stdin = bytes.NewReader(outPrvK)
|
||||
@ -70,7 +69,9 @@ func init() {
|
||||
}
|
||||
|
||||
type PubTunnel struct {
|
||||
PubKey []byte
|
||||
Login string `json:"login"`
|
||||
PubKey [][]byte `json:"data"`
|
||||
Token string `json:"token"`
|
||||
}
|
||||
|
||||
func register(w http.ResponseWriter, r *http.Request) {
|
||||
@ -91,11 +92,24 @@ func register(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// Validate wg token
|
||||
if j, err := json.Marshal(pt); err != nil {
|
||||
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
|
||||
return
|
||||
} else if r, err := http.NewRequest("POST", "https://adlin.nemunai.re/wg-step", bytes.NewReader(j)); err != nil {
|
||||
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusInternalServerError)
|
||||
return
|
||||
} else if resp, err := http.DefaultClient.Do(r); err == nil {
|
||||
resp.Body.Close()
|
||||
} else {
|
||||
log.Printf("Unable to register wg-step on token-validator:", err)
|
||||
}
|
||||
|
||||
if next_ip, err := findNextIP(); err != nil {
|
||||
http.Error(w, fmt.Sprintf("{errmsg:%q}", err), http.StatusBadRequest)
|
||||
return
|
||||
} else {
|
||||
addWgPeer(pt.PubKey, next_ip)
|
||||
addWgPeer(pt.PubKey[0], next_ip)
|
||||
|
||||
w.Header().Set("Content-Type", "text/plain")
|
||||
w.Write([]byte(fmt.Sprintf(`# Address=%s/18
|
||||
|
@ -72,6 +72,17 @@ func sslOnly(_ *adlin.Student, r *http.Request) error {
|
||||
|
||||
/* Challenges */
|
||||
|
||||
func challengeOk(s *adlin.Student, t *givenToken, chid int) error {
|
||||
pkey := s.GetPKey()
|
||||
if expectedToken, err := GenerateToken(pkey, 0, []byte(t.Data[0])); err != nil {
|
||||
return err
|
||||
} else if !hmac.Equal(expectedToken, t.token) {
|
||||
return errors.New("This is not the expected token.")
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func challenge42(s *adlin.Student, t *givenToken, chid int) error {
|
||||
pkey := s.GetPKey()
|
||||
if expectedToken, err := GenerateToken(pkey, chid, []byte("42")); err != nil {
|
||||
@ -257,6 +268,12 @@ func init() {
|
||||
Check: challengeEMail,
|
||||
},
|
||||
|
||||
/* wg step */
|
||||
Challenge{
|
||||
Accessible: []func(*adlin.Student, *http.Request) error{noAccessRestriction},
|
||||
Check: challengeOk,
|
||||
},
|
||||
|
||||
/* Last : SSH key, see ssh.go:156 in NewKey function */
|
||||
Challenge{
|
||||
Accessible: []func(*adlin.Student, *http.Request) error{noAccess},
|
||||
@ -270,6 +287,7 @@ func init() {
|
||||
router.POST("/toctoc", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 6))))
|
||||
router.POST("/echorequest", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 7))))
|
||||
router.POST("/testdisk", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 8))))
|
||||
router.POST("/wg-step", rawHandler(responseHandler(definedChallengeHandler(receiveToken, 10))))
|
||||
}
|
||||
|
||||
type givenToken struct {
|
||||
|
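Review bot: `challengeOk` indexes `t.Data[0]` unconditionally, so a request whose `data` array is empty panics inside the handler instead of returning an error; add `if len(t.Data) == 0 { return errors.New("Missing token data.") }` before the `GenerateToken` call (`challenge42` is not affected since it hashes a constant). The call also hard-codes the challenge id as `0` while `chid` is received as a parameter and the hunk at `router.POST("/wg-step", …)` registers this check as challenge 10; if `GenerateToken`'s second argument is meant to bind a token to its challenge, a token computed for id 0 is being accepted for step 10, and if that is intentional a comment saying why `chid` is ignored would help the next reader. `t.token` is an unexported field presumably filled in by the handler outside this hunk — worth confirming it is set before `hmac.Equal` runs.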