about summary refs log tree commit diff
diff options
8 files changed, 280 insertions, 22 deletions
diff --git a/hosted/access.html b/hosted/access.html
new file mode 100644
index 0000000..d2fc69a
--- /dev/null
+++ b/hosted/access.html
@@ -0,0 +1,77 @@
+<!DOCTYPE html>
+    <head>
+        <meta charset="utf-8">
+        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
+        <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.11/handlebars.min.js"></script>
+        <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
+        <style type="text/css">
+            body {
+                overflow-y: scroll;
+            }
+        </style>
+    </head>
+    <body>
+        <nav class="navbar navbar-expand-md navbar-dark bg-dark mb-4">
+            <a class="navbar-brand" href="/">Companion</a>
+            <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarCollapse" aria-controls="navbarCollapse" aria-expanded="false" aria-label="Toggle navigation">
+                <span class="navbar-toggler-icon"></span>
+            </button>
+            <div class="collapse navbar-collapse" id="navbarCollapse">
+                <ul class="navbar-nav mr-auto">
+                    <li class="nav-item">
+                        <a class="nav-link" href="/">Home <span class="sr-only">(current)</span></a>
+                    </li>
+                    <li class="nav-item active">
+                        <a class="nav-link" href="/access">Access</a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link" href="/challenges">Challenges</a>
+                    </li>
+                </ul>
+                <form class="form-inline mt-2 mt-md-0" action="/logout" method="post">
+                    <button class="btn btn-outline-danger my-2 my-sm-0" type="submit">Logout</button>
+                </form>
+            </div>
+        </nav>
+        <main class="container" role="main">
+            <div class="card">
+                <div class="card-header">
+                    Access
+                </div>
+                <div class="card-body">
+                    Access to the challenge containers is provided via OpenVPN.
+                    <hr>
+                    <button class="btn btn-secondary" onclick="loadConfig()">Reload</button>
+                    <button class="btn btn-primary" onclick="downloadConfig()">Download</button>
+                    <hr>
+                    <pre><code id="config">Loading...</code></pre>
+                </div>
+            </div>
+            <br>
+        </main>
+        <script>
+            function loadConfig() {
+                $("#config").html("Loading...");
+                $.get("/api/getAccess").done(function(data) {
+                    var result = jQuery.parseJSON(data);
+                    $("#config").html(result["credentials"]);
+                });
+            }
+            function downloadConfig() {
+                $.get("/api/getAccess").done(function(data) {
+                    var result = jQuery.parseJSON(data);
+                    var configBlob = new Blob([result["credentials"]], {'type':'application/x-openvpn-config'});
+                    window.location = URL.createObjectURL(configBlob);
+                });
+            }
+            $(document).ready(
+                function(){
+                    loadConfig()
+                }
+            );
+        </script>
+    </body>
\ No newline at end of file
diff --git a/hosted/challenges.html b/hosted/challenges.html
index e42d7f0..165b9a9 100644
--- a/hosted/challenges.html
+++ b/hosted/challenges.html
@@ -79,6 +79,9 @@
                     <li class="nav-item">
                         <a class="nav-link" href="/">Home <span class="sr-only">(current)</span></a>
+                    <li class="nav-item">
+                        <a class="nav-link" href="/access">Access</a>
+                    </li>
                     <li class="nav-item active">
                         <a class="nav-link" href="/challenges">Challenges</a>
diff --git a/hosted/index.html b/hosted/index.html
index 0f40399..70244cc 100644
--- a/hosted/index.html
+++ b/hosted/index.html
@@ -16,6 +16,9 @@
                         <a class="nav-link" href="/">Home <span class="sr-only">(current)</span></a>
                     <li class="nav-item">
+                        <a class="nav-link" href="/access">Access</a>
+                    </li>
+                    <li class="nav-item">
                         <a class="nav-link" href="/challenges">Challenges</a>
diff --git a/src/access.go b/src/access.go
new file mode 100644
index 0000000..6072025
--- /dev/null
+++ b/src/access.go
@@ -0,0 +1,111 @@
+package main
+import (
+	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types"
+	"time"
+	"errors"
+	"net/http"
+	"fmt"
+	"github.com/docker/docker/api/types/network"
+var vpnContainerID string
+var vpnNetworkID string
+func startVPN() (err error) {
+	// Set up our context and Docker CLI connection
+	setupContext()
+	setupDockerCLI()
+	// Set up network
+	setupNetwork()
+	// Create container
+	resp, err := dockerCli.ContainerCreate(dockerCtx, &container.Config{
+		Image: "circus-vpn",
+	}, &container.HostConfig{
+		Privileged: true,
+	}, &network.NetworkingConfig{
+		EndpointsConfig: map[string]*network.EndpointSettings{
+			"endpoint": {
+				NetworkID: vpnNetworkID,
+			},
+		},
+	}, "")
+	if err != nil {
+		return err
+	}
+	// Start container
+	err = dockerCli.ContainerStart(dockerCtx, resp.ID, types.ContainerStartOptions{})
+	if err != nil {
+		return err
+	}
+	vpnContainerID = resp.ID
+	return nil
+func stopVPN() {
+	setupContext()
+	setupDockerCLI()
+	timeout := time.Second * 5
+	dockerCli.ContainerStop(dockerCtx, vpnContainerID, &timeout)
+	vpnContainerID = ""
+func setupNetwork() (error) {
+	setupContext()
+	setupDockerCLI()
+	if vpnNetworkID == "" {
+		response, err := dockerCli.NetworkCreate(dockerCtx, VPNNetworkName, types.NetworkCreate{
+			Internal: true,
+		})
+		if err != nil {
+			return err
+		}
+		vpnNetworkID = response.ID
+	}
+	return nil
+func getCertificate() (string, error) {
+	if vpnContainerID == "" {
+		return "", errors.New("VPN container not up")
+	}
+	// Get IP of VPN container
+	inspectJSON, err := dockerCli.ContainerInspect(dockerCtx, vpnContainerID)
+	if err != nil {
+		return "", err
+	}
+	// get certificate
+	var certResponse *http.Response
+	for i := 0; i < 10; i++ {
+		certResponse, err = http.Get(fmt.Sprintf("http://%s:9999/", inspectJSON.NetworkSettings.Networks[VPNNetworkName].IPAddress))
+		if err == nil {
+			break
+		}
+		time.Sleep(time.Second)
+	}
+	if err != nil {
+		return "", err
+	}
+	buffer := make([]byte, 1024)
+	certResponse.Body.Read(buffer)
+	return string(buffer), nil
diff --git a/src/container.go b/src/container.go
index 73912bf..5b2075b 100644
--- a/src/container.go
+++ b/src/container.go
@@ -1,12 +1,15 @@
 package main
 import (
-	"context"
-	"github.com/docker/docker/client"
+	"github.com/docker/docker/api/types/network"
+const (
+	VPNNetworkName = "vpn-network"
 type ChallengeContainer struct {
@@ -15,33 +18,26 @@ type ChallengeContainer struct {
 	IP string
-var (
-	dockerCtx context.Context
-	dockerCli *client.Client
 // Starts the container and returns its address and containerID if successful
 func (cc ChallengeContainer) startContainer() (address string, containerID string, err error) {
-	// Set up our context if there is none already set up
-	if dockerCtx == nil {
-		dockerCtx = context.Background()
-	}
-	// Set up our Docker CLI connection if there is not already one
-	if dockerCli == nil {
-		dockerCli, err = client.NewEnvClient()
-		if err != nil {
-			return "", "", err
-		}
-	}
+	// Set up our context and Docker CLI connection
+	setupContext()
+	setupDockerCLI()
+	// Set up network
+	setupNetwork()
 	// Create container
 	resp, err := dockerCli.ContainerCreate(dockerCtx, &container.Config{
 		Image: cc.Challenge.Container,
 		Env: []string{fmt.Sprintf("FLAG=%s", cc.Challenge.Flag)},
 		Tty: false,
-	}, nil, nil, "")
+	}, nil, &network.NetworkingConfig{
+		EndpointsConfig: map[string]*network.EndpointSettings{
+			VPNNetworkName: {
+				NetworkID: vpnNetworkID,
+			},
+		},
+	}, "")
 	if err != nil {
 		return "", "", err
@@ -60,7 +56,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin
 	// Return IP, Container ID and error
-	return inspectJSON.NetworkSettings.IPAddress, resp.ID,nil
+	return inspectJSON.NetworkSettings.Networks[VPNNetworkName].IPAddress, resp.ID,nil
 // Stops the container with a timeout of one second
diff --git a/src/docker.go b/src/docker.go
new file mode 100644
index 0000000..9bc667b
--- /dev/null
+++ b/src/docker.go
@@ -0,0 +1,25 @@
+package main
+import (
+	"github.com/docker/docker/client"
+	"context"
+var (
+	dockerCtx context.Context
+	dockerCli *client.Client
+func setupContext() {
+	if dockerCtx == nil {
+		dockerCtx = context.Background()
+	}
+func setupDockerCLI() (err error) {
+	if dockerCli == nil {
+		dockerCli, err = client.NewEnvClient()
+	}
+	return err
\ No newline at end of file
diff --git a/src/http.go b/src/http.go
index 287004f..c7ad213 100644
--- a/src/http.go
+++ b/src/http.go
@@ -30,10 +30,12 @@ func runHTTPServer() (error) {
 	r.HandleFunc("/login", loginPostHandler).Methods("POST")
 	r.HandleFunc("/logout", logoutHandler).Methods("POST")
 	r.HandleFunc("/challenges", challengesHandler).Methods("GET")
+	r.HandleFunc("/access", accessHandler).Methods("GET")
 	r.HandleFunc("/api/getChallenges", getChallengesHandler).Methods("GET")
 	r.HandleFunc("/api/submitFlag", submitFlagHandler).Methods("POST")
 	r.HandleFunc("/api/startContainer", startContainerHandler).Methods("POST")
 	r.HandleFunc("/api/stopContainer", stopContainerHandler).Methods("POST")
+	r.HandleFunc("/api/getAccess", getAccessHandler).Methods("GET")
 	address := fmt.Sprintf(":%d", *port)
 	return http.ListenAndServe(address, r)
@@ -163,6 +165,19 @@ func challengesHandler(w http.ResponseWriter, r *http.Request) {
+// Host the access file
+func accessHandler(w http.ResponseWriter, r *http.Request) {
+	session, cookieNotFoundError := r.Cookie("session")
+	if cookieNotFoundError != nil || !isValidSession(session.Value) {
+		// either no session cookie found, or it contains an invalid session token. Redirect.
+		http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
+	} else {
+		// valid session token found, redirect to frontpage
+		readFileToResponse(w, "/access.html")
+	}
 func getChallengesHandler(w http.ResponseWriter, r *http.Request) {
 	session, cookieNotFoundError := r.Cookie("session")
@@ -282,3 +297,27 @@ func stopContainerHandler(w http.ResponseWriter, r *http.Request) {
+// Returns the configuration for the VPN
+func getAccessHandler(w http.ResponseWriter, r *http.Request) {
+	session, cookieNotFoundError := r.Cookie("session")
+	if cookieNotFoundError != nil || !isValidSession(session.Value) {
+		// either no session cookie found, or it contains an invalid session token. Redirect.
+		http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
+	} else {
+		// valid session token found, get credentials
+		credentials, err := getCertificate()
+		errorString := ""
+		if err != nil {
+			errorString = err.Error()
+		}
+		jsonAnswer, _ := json.Marshal(map[string]string{
+			"error": errorString,
+			"credentials": credentials,
+		})
+		w.Write([]byte(jsonAnswer))
+	}
diff --git a/src/main.go b/src/main.go
index 9885957..a06ee66 100644
--- a/src/main.go
+++ b/src/main.go
@@ -16,6 +16,10 @@ func main() {
 	// Read challenges from file
+	// Start our VPN container and network
+	startVPN()
+	defer stopVPN()
 	// Run HTTP server
\ No newline at end of file