diff --git a/config.sample.toml b/config.sample.toml index 96112957..50706ae1 100644 --- a/config.sample.toml +++ b/config.sample.toml @@ -18,6 +18,7 @@ manifests = [ "elasticsearch_statefulset.yaml", "kibana.yaml", "fluentd-daemonset.yaml", + "ingress.yml" ] [services.api] diff --git a/lib/utils/ssh.go b/lib/utils/ssh.go new file mode 100644 index 00000000..d2db8d1f --- /dev/null +++ b/lib/utils/ssh.go @@ -0,0 +1,55 @@ +package utils + +import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "fmt" + "golang.org/x/crypto/ssh" + "strings" +) + +func CheckPrivateKey(privateKey, publicKey string) bool { + //check key + pub, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey)) + if err != nil { + fmt.Println("error in parsing public key") + return false + } + + private, err := ssh.ParsePrivateKey([]byte(privateKey)) + if err != nil { + fmt.Println("error in parsing private key") + return false + } + + return bytes.Equal(private.PublicKey().Marshal(), pub.Marshal()) +} + +func GenerateSSHKeyPair() (string, string, error) { + privateKey, err := rsa.GenerateKey(rand.Reader, 1024) + if err != nil { + return "", "", err + } + + // generate and write private key as PEM + var privKeyBuf strings.Builder + + privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)} + if err := pem.Encode(&privKeyBuf, privateKeyPEM); err != nil { + return "", "", err + } + + // generate and write public key + pub, err := ssh.NewPublicKey(&privateKey.PublicKey) + if err != nil { + return "", "", err + } + + var pubKeyBuf strings.Builder + pubKeyBuf.Write(ssh.MarshalAuthorizedKey(pub)) + + return pubKeyBuf.String(), privKeyBuf.String(), nil +} diff --git a/services/sshproviderservice/server.go b/services/sshproviderservice/server.go index cef4f7d6..21cfa80a 100644 --- a/services/sshproviderservice/server.go +++ b/services/sshproviderservice/server.go @@ -1,6 +1,7 @@ package sshproviderservice import ( + "bytes" "fmt" "log" "net" @@ -66,11 +67,26 @@ func passwordHandler(s ssh.Context, password string) bool { return utils.CompareHashWithPassword(team.Password, password) } +func publicKeyHandler(s ssh.Context, key ssh.PublicKey) bool { + team, err := mongo.FetchSingleTeam(s.User()) + if err != nil { + return false + } + + publicKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(team.PublicKey)) + if err != nil { + return false + } + + return bytes.Equal(publicKey.Marshal(), key.Marshal()) +} + func Server() *ssh.Server { return &ssh.Server{ - Addr: net.JoinHostPort(g.SSHProviderConfig.Host, fmt.Sprintf("%d", g.SSHProviderConfig.Port)), - Handler: sessionHandler, - PasswordHandler: passwordHandler, + Addr: net.JoinHostPort(g.SSHProviderConfig.Host, fmt.Sprintf("%d", g.SSHProviderConfig.Port)), + Handler: sessionHandler, + PasswordHandler: passwordHandler, + PublicKeyHandler: publicKeyHandler, } } diff --git a/types/mongo.go b/types/mongo.go index 560aebc7..49a8c493 100644 --- a/types/mongo.go +++ b/types/mongo.go @@ -8,11 +8,12 @@ type AdminUser struct { } type CTFTeam struct { - Index int `json:"id" bson:"password" binding:"required"` - Name string `json:"name" bson:"username" binding:"required"` - PodName string `json:"podname" bson:"podname" binding:"required"` - Password string `json:"password" bson:"password" binding:"required"` - Score int `json:"score" bson:"score" binding:"required"` + Index int `json:"id" bson:"password" binding:"required"` + Name string `json:"name" bson:"username" binding:"required"` + PodName string `json:"podname" bson:"podname" binding:"required"` + Password string `json:"password" bson:"password" binding:"required"` + PublicKey string `json:"publicKey" bson:"publicKey" binding:"required"` // TODO : initialize + Score int `json:"score" bson:"score" binding:"required"` } type Challenge struct {