From 9ee92da5e3d52fe11415193a9391eee3ad541c72 Mon Sep 17 00:00:00 2001 From: maride Date: Sat, 8 Sep 2018 01:29:22 +0200 Subject: Avoid collision by adding the hashed username to networks --- src/access.go | 8 ++++---- src/container.go | 10 +++------- src/credentials.go | 17 ++++++++++++++++- src/docker.go | 27 +++++++++++++++++++++++++-- src/main.go | 4 ++-- src/network.go | 4 ---- 6 files changed, 50 insertions(+), 20 deletions(-) diff --git a/src/access.go b/src/access.go index 6f0d848..1292489 100644 --- a/src/access.go +++ b/src/access.go @@ -40,7 +40,7 @@ func startVPN() (err error) { // Set up VPN host network if vpnHostNetworkID == "" { - id, err := setupNetwork(vpnHostNetworkName, false) + id, err := setupNetwork(getVPNNetworkName(), false) if (err != nil) { return err } @@ -49,7 +49,7 @@ func startVPN() (err error) { // Set up container network if containerNetworkID == "" { - id, err := setupNetwork(containerNetworkName, true) + id, err := setupNetwork(getChallengeNetworkName(), true) if (err != nil) { return err } @@ -155,9 +155,9 @@ func getCertificate() (string, error) { // retry for 10 seconds to dial to the VPN container for i := 0; i < 10; i++ { // Check if the VPN container is already part of our challenge container network - if inspectJSON.NetworkSettings.Networks[vpnHostNetworkName] != nil { + if inspectJSON.NetworkSettings.Networks[getVPNNetworkName()] != nil { // it is - get the IP address and dial to it - certResponse, err = http.Get(fmt.Sprintf("http://%s:9999/", inspectJSON.NetworkSettings.Networks[vpnHostNetworkName].IPAddress)) + certResponse, err = http.Get(fmt.Sprintf("http://%s:9999/", inspectJSON.NetworkSettings.Networks[getVPNNetworkName()].IPAddress)) if err == nil { break diff --git a/src/container.go b/src/container.go index 29046e2..c06a9ed 100644 --- a/src/container.go +++ b/src/container.go 
@@ -8,10 +8,6 @@ import ( "time" ) -const ( - containerNetworkName = "circus-vpnnet" -) - type ChallengeContainer struct { Challenge *Challenge ContainerID string @@ -26,7 +22,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin // Set up container network if containerNetworkID == "" { - id, err := setupNetwork(containerNetworkName, true) + id, err := setupNetwork(getChallengeNetworkName(), true) if (err != nil) { return "", "", err } @@ -40,7 +36,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin Tty: false, }, nil, &network.NetworkingConfig{ EndpointsConfig: map[string]*network.EndpointSettings{ - containerNetworkName: { + getChallengeNetworkName(): { NetworkID: containerNetworkID, }, }, @@ -63,7 +59,7 @@ func (cc ChallengeContainer) startContainer() (address string, containerID strin } // Return IP, Container ID and error - return inspectJSON.NetworkSettings.Networks[containerNetworkName].IPAddress, resp.ID,nil + return inspectJSON.NetworkSettings.Networks[getChallengeNetworkName()].IPAddress, resp.ID,nil } // Stops the container with a timeout of one second diff --git a/src/credentials.go b/src/credentials.go index 7bbcf19..03dd34e 100644 --- a/src/credentials.go +++ b/src/credentials.go @@ -1,10 +1,15 @@ package main -import "flag" +import ( + "crypto/sha512" + "flag" + "fmt" +) var ( username* string accessCode* string + compiledHash string ) func registerCredentialsFlags() { @@ -15,4 +20,14 @@ func registerCredentialsFlags() { func verifyCredentials(un string, ac string) (bool) { return *username == un && *accessCode == ac +} + +func getUsernameHash() (string) { + if compiledHash == "" { + hasher := sha512.New() + hasher.Write([]byte(*username)) + compiledHash = fmt.Sprintf("%x", hasher.Sum(nil)) + } + + return compiledHash } \ No newline at end of file diff --git a/src/docker.go b/src/docker.go index eefd8c8..405afd3 100644 --- a/src/docker.go +++ b/src/docker.go 
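Review bot: getUsernameHash lazily fills the package-level `compiledHash` with no synchronization, so if it is reached from concurrent HTTP handlers (the server is set up in main.go, not visible here) the first calls race on the write; the same pattern appears in `compiledContainerNetworkName` and `compiledChallengeNetworkName` in docker.go. Since `*username` is fixed once flags are parsed, computing the digest eagerly after parsing, or guarding the lazy path with a `sync.Once`, removes the race. The body can also be simplified to `sum := sha512.Sum512([]byte(*username))` and `compiledHash = hex.EncodeToString(sum[:])`, which drops the ignored `hasher.Write` result and makes the new `fmt` import unnecessary. A doc comment would help, e.g. `// getUsernameHash returns the hex SHA-512 digest of the configured username, used as an opaque per-user tag when naming Docker resources; it is not a secret.` Unrelated to this change but visible as context in the hunk, verifyCredentials compares the access code with `==`; `subtle.ConstantTimeCompare` on the byte slices avoids leaking the match length through timing.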
@@ -1,14 +1,20 @@ package main import ( - "github.com/docker/docker/client" "context" + "fmt" + "github.com/docker/docker/client" ) const ( fixedDockerVersion = "1.38" ) +var ( + compiledContainerNetworkName string + compiledChallengeNetworkName string +) + var ( dockerCtx context.Context dockerCli *client.Client @@ -26,4 +32,21 @@ func setupDockerCLI() (err error) { } return err -} \ No newline at end of file +} + +// Returns the network name for the companion<=>vpn network +func getVPNNetworkName() (string) { + if compiledContainerNetworkName == "" { + compiledContainerNetworkName = fmt.Sprintf("circus-vpnnet-%s", getUsernameHash()) + } + + return compiledContainerNetworkName +} + +func getChallengeNetworkName() (string) { + if compiledChallengeNetworkName == "" { + compiledChallengeNetworkName = fmt.Sprintf("circus-vpnhostnet-%s", getUsernameHash()) + } + + return compiledChallengeNetworkName +} diff --git a/src/main.go b/src/main.go index 574d156..ff76b45 100644 --- a/src/main.go +++ b/src/main.go @@ -58,7 +58,7 @@ func cleanup(signalChannel chan os.Signal, server http.Server) { log.Println("Stopping challenge containers") stopAllChallengeContainers() log.Println("Deleting Docker networks") - deleteNetwork(vpnHostNetworkName) - deleteNetwork(containerNetworkName) + deleteNetwork(getVPNNetworkName()) + deleteNetwork(getChallengeNetworkName()) os.Exit(0) } diff --git a/src/network.go b/src/network.go index 93abaca..12b7d43 100644 --- a/src/network.go +++ b/src/network.go @@ -6,10 +6,6 @@ import ( ) -const( - vpnHostNetworkName = "vpnhostnet" -) - var ( containerNetworkID string vpnHostNetworkID string -- cgit 1.4.1
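Review bot: The getters' names, backing variables and prefixes are crossed: getVPNNetworkName caches into `compiledContainerNetworkName` with the `circus-vpnnet-` prefix, while getChallengeNetworkName uses `circus-vpnhostnet-`, although before this commit `circus-vpnnet` was the container network (container.go) and `vpnhostnet` the VPN host network (network.go). Every caller goes through the getters so nothing breaks, but the next reader will assume each prefix matches its role; renaming the variable to `compiledVPNNetworkName` and swapping the two prefix strings, or documenting why they are crossed, removes the trap. getChallengeNetworkName also lacks a doc comment, e.g. `// getChallengeNetworkName returns the per-user name of the network that challenge containers are attached to.` Note that the suffix only separates different usernames: two instances started with the same username still produce identical network names, which the commit message does not mention. The full 128-hex-character SHA-512 digest also makes each name roughly 150 characters; a fixed-length prefix of the digest would keep `docker network ls` output readable while still separating users.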