authormaride <maride@darknebu.la>2018-09-08 01:29:22 +0200
committermaride <maride@darknebu.la>2018-09-08 01:29:22 +0200
commit9ee92da5e3d52fe11415193a9391eee3ad541c72 (patch)
tree221c8c4eb84750a843e1735c7c7cae26bb53ebea
parent0554bfa9a1ee2a7c9d3ff24749317fd9b3202ca2 (diff)
Avoid collision by adding the hashed username to networks
-rw-r--r--src/access.go8
-rw-r--r--src/container.go10
-rw-r--r--src/credentials.go17
-rw-r--r--src/docker.go27
-rw-r--r--src/main.go4
-rw-r--r--src/network.go4
6 files changed, 50 insertions, 20 deletions
diff --git a/src/access.go b/src/access.go
index 6f0d848..1292489 100644
--- a/src/access.go
+++ b/src/access.go
@@ -40,7 +40,7 @@ func startVPN() (err error) {
 
 	// Set up VPN host network
 	if vpnHostNetworkID == "" {
-		id, err := setupNetwork(vpnHostNetworkName, false)
+		id, err := setupNetwork(getVPNNetworkName(), false)
 		if (err != nil) {
 			return err
 		}
@@ -49,7 +49,7 @@ func startVPN() (err error) {
 
 	// Set up container network
 	if containerNetworkID == "" {
-		id, err := setupNetwork(containerNetworkName, true)
+		id, err := setupNetwork(getChallengeNetworkName(), true)
 		if (err != nil) {
 			return err
 		}
@@ -155,9 +155,9 @@ func getCertificate() (string, error) {
 	// retry for 10 seconds to dial to the VPN container
 	for i := 0; i < 10; i++ {
 		// Check if the VPN container is already part of our challenge container network
-		if inspectJSON.NetworkSettings.Networks[vpnHostNetworkName] != nil {
+		if inspectJSON.NetworkSettings.Networks[getVPNNetworkName()] != nil {
 			// it is - get the IP address and dial to it
-			certResponse, err = http.Get(fmt.Sprintf("http://%s:9999/", inspectJSON.NetworkSettings.Networks[vpnHostNetworkName].IPAddress))
+			certResponse, err = http.Get(fmt.Sprintf("http://%s:9999/", inspectJSON.NetworkSettings.Networks[getVPNNetworkName()].IPAddress))
 
 			if err == nil {
 				break
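Review bot: The `http.Get` on the replaced line goes through `http.DefaultClient`, which has no timeout, so a VPN container that accepts the TCP connection but never answers blocks this loop indefinitely despite the "retry for 10 seconds" comment above it. Use a client with an explicit timeout and resolve the endpoint once per iteration instead of calling `getVPNNetworkName()` twice. The request is also plain HTTP to an address read from the container's network settings with no authentication of the peer; that may be acceptable if the Docker network is the trust boundary, but a comment saying so would help the next reader. getCertificate starts before this hunk and the loop body continues after it, so the wait/re-inspect part is not visible here.
```go
	vpnNet := getVPNNetworkName()
	client := &http.Client{Timeout: 2 * time.Second} // "time" must be imported in access.go
	// retry for 10 seconds to dial to the VPN container
	for i := 0; i < 10; i++ {
		// Check if the VPN container is already attached to our VPN host network
		if ep := inspectJSON.NetworkSettings.Networks[vpnNet]; ep != nil {
			certResponse, err = client.Get(fmt.Sprintf("http://%s:9999/", ep.IPAddress))
			// … unchanged: break on success …
```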
diff --git a/src/container.go b/src/container.go
index 29046e2..c06a9ed 100644
--- a/src/container.go
+++ b/src/container.go
@@ -8,10 +8,6 @@ import (
 	"time"
 )
 
-const (
-	containerNetworkName = "circus-vpnnet"
-)
-
 type ChallengeContainer struct {
 	Challenge *Challenge
 	ContainerID string
@@ -26,7 +22,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin
 
 	// Set up container network
 	if containerNetworkID == "" {
-		id, err := setupNetwork(containerNetworkName, true)
+		id, err := setupNetwork(getChallengeNetworkName(), true)
 		if (err != nil) {
 			return "", "", err
 		}
@@ -40,7 +36,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin
 		Tty: false,
 	}, nil, &network.NetworkingConfig{
 		EndpointsConfig: map[string]*network.EndpointSettings{
-			containerNetworkName: {
+			getChallengeNetworkName(): {
 				NetworkID: containerNetworkID,
 			},
 		},
@@ -63,7 +59,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin
 	}
 
 	// Return IP, Container ID and error
-	return inspectJSON.NetworkSettings.Networks[containerNetworkName].IPAddress, resp.ID,nil
+	return inspectJSON.NetworkSettings.Networks[getChallengeNetworkName()].IPAddress, resp.ID,nil
 }
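Review bot: The return on the last changed line indexes `Networks` with the new name and dereferences the result without checking it; the map holds `*network.EndpointSettings` (the `!= nil` comparison in access.go relies on exactly that), so if the container is not attached under `getChallengeNetworkName()` — the attach failed, or the network exists under another name — `.IPAddress` panics on a nil pointer instead of returning an error. Guard the lookup and return an error carrying the container ID and network name so the caller can stop the container. This needs an error constructor in scope; if container.go does not import `fmt`, either add it or use `errors.New`. startContainer begins before this hunk.
```go
	// Return IP, Container ID and error
	netName := getChallengeNetworkName()
	ep, ok := inspectJSON.NetworkSettings.Networks[netName]
	if !ok || ep == nil {
		return "", "", fmt.Errorf("container %s is not attached to network %s", resp.ID, netName)
	}
	return ep.IPAddress, resp.ID, nil
}
```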
 
 // Stops the container with a timeout of one second
diff --git a/src/credentials.go b/src/credentials.go
index 7bbcf19..03dd34e 100644
--- a/src/credentials.go
+++ b/src/credentials.go
@@ -1,10 +1,15 @@
 package main
 
-import "flag"
+import (
+	"crypto/sha512"
+	"flag"
+	"fmt"
+)
 
 var (
 	username* string
 	accessCode* string
+	compiledHash string
 )
 
 func registerCredentialsFlags() {
@@ -15,4 +20,14 @@ func registerCredentialsFlags() {
 
 func verifyCredentials(un string, ac string) (bool) {
 	return *username == un && *accessCode == ac
+}
+
+func getUsernameHash() (string) {
+	if compiledHash == "" {
+		hasher := sha512.New()
+		hasher.Write([]byte(*username))
+		compiledHash = fmt.Sprintf("%x", hasher.Sum(nil))
+	}
+
+	return compiledHash
 }
\ No newline at end of file
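Review bot: `getUsernameHash` caches into the package-level `compiledHash` with a plain check-then-write, which is a data race if two goroutines reach it first at the same time (the HTTP server in main.go makes concurrent callers plausible), and `go test -race` would flag it. The cache buys nothing — SHA-512 of a short string is negligible — so drop it: `func getUsernameHash() string { return fmt.Sprintf("%x", sha512.Sum512([]byte(*username))) }` and remove the now-unused `compiledHash`. The function dereferences `*username`, so it must not run before `registerCredentialsFlags` and `flag.Parse`; a doc comment such as `// getUsernameHash returns the hex SHA-512 of the -username flag; only valid after flag parsing.` makes that explicit. Because the hash is unsalted and unkeyed it identifies the username to anyone who can list Docker networks — adequate for collision avoidance, which is all this commit claims, but it should not be mistaken for concealment. Separately, the unchanged `verifyCredentials` two lines above compares the access code with `==`; `subtle.ConstantTimeCompare` on the byte slices would avoid a timing side channel on that secret.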
diff --git a/src/docker.go b/src/docker.go
index eefd8c8..405afd3 100644
--- a/src/docker.go
+++ b/src/docker.go
@@ -1,8 +1,9 @@
 package main
 
 import (
-	"github.com/docker/docker/client"
 	"context"
+	"fmt"
+	"github.com/docker/docker/client"
 )
 
 const (
@@ -10,6 +11,11 @@ const (
 )
 
 var (
+	compiledContainerNetworkName string
+	compiledChallengeNetworkName string
+)
+
+var (
 	dockerCtx context.Context
 	dockerCli *client.Client
 )
@@ -26,4 +32,21 @@ func setupDockerCLI() (err error) {
 	}
 
 	return err
-}
\ No newline at end of file
+}
+
+// Returns the network name for the companion<=>vpn network
+func getVPNNetworkName() (string) {
+	if compiledContainerNetworkName == "" {
+		compiledContainerNetworkName = fmt.Sprintf("circus-vpnnet-%s", getUsernameHash())
+	}
+
+	return compiledContainerNetworkName
+}
+
+func getChallengeNetworkName() (string) {
+	if compiledChallengeNetworkName == "" {
+		compiledChallengeNetworkName = fmt.Sprintf("circus-vpnhostnet-%s", getUsernameHash())
+	}
+
+	return compiledChallengeNetworkName
+}
diff --git a/src/main.go b/src/main.go
index 574d156..ff76b45 100644
--- a/src/main.go
+++ b/src/main.go
@@ -58,7 +58,7 @@ func cleanup(signalChannel chan os.Signal, server http.Server) {
 	log.Println("Stopping challenge containers")
 	stopAllChallengeContainers()
 	log.Println("Deleting Docker networks")
-	deleteNetwork(vpnHostNetworkName)
-	deleteNetwork(containerNetworkName)
+	deleteNetwork(getVPNNetworkName())
+	deleteNetwork(getChallengeNetworkName())
 	os.Exit(0)
 }
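Review bot: The two new `deleteNetwork` calls discard whatever the function returns; if it reports an error (it lives in network.go, outside this diff), a network that fails to delete — for instance because the VPN container on `getVPNNetworkName()` is still attached when only challenge containers were stopped on the line above — is lost silently and leaks until the next run, where `setupNetwork` may then collide with the stale one. If `deleteNetwork` returns an error, log it: `if err := deleteNetwork(getVPNNetworkName()); err != nil { log.Println("deleting VPN network:", err) }`, and the same for the challenge network. cleanup starts before this hunk, so whether the VPN container is stopped earlier is not visible here.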
diff --git a/src/network.go b/src/network.go
index 93abaca..12b7d43 100644
--- a/src/network.go
+++ b/src/network.go
@@ -6,10 +6,6 @@ import (
 )
 
 
-const(
-	vpnHostNetworkName = "vpnhostnet"
-)
-
 var (
 	containerNetworkID string
 	vpnHostNetworkID string