From 3995f428698cad736b1899b03e570d80a8682759 Mon Sep 17 00:00:00 2001
From: chee
Date: Tue, 24 Sep 2019 15:58:49 +0100
Subject: [PATCH] Subsequential commit
---
 .gitignore | 1 +
 config/sshd | 19 +++++
 index.js | 102 ++++++++++++++++++++++++-
 jsconfig.json | 3 +
 package-lock.json | 135 +++++++++++++++++++++++++++++-----
 package.json | 7 +-
 succeed/Cargo.lock | 53 +++++++++++++
 succeed/Cargo.toml | 10 +++
 succeed/build.sh | 5 ++
 succeed/src/.main.rs.kate-swp | Bin 0 -> 2001 bytes
 succeed/src/main.rs | 19 +++++
 11 files changed, 331 insertions(+), 23 deletions(-)
 create mode 100644 config/sshd
 create mode 100644 jsconfig.json
 create mode 100644 succeed/Cargo.lock
 create mode 100644 succeed/Cargo.toml
 create mode 100644 succeed/build.sh
 create mode 100644 succeed/src/.main.rs.kate-swp
 create mode 100644 succeed/src/main.rs
diff --git a/.gitignore b/.gitignore
index c2658d7..d014a71 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 node_modules/
+succeed/target/
diff --git a/config/sshd b/config/sshd
new file mode 100644
index 0000000..8e63021
--- /dev/null
+++ b/config/sshd
@@ -0,0 +1,19 @@
+Port 2424
+ListenAddress auth.snoot.club
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+LoginGraceTime 1m
+PermitRootLogin no
+MaxAuthTries 1
+MaxSessions 1
+PubkeyAuthentication yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog yes
+PidFile /run/sshd.auth.snoot.club.pid
+ForceCommand /snoots/auth/bin/succeed
diff --git a/index.js b/index.js
index 3517a0b..92fd902 100644
--- a/index.js
+++ b/index.js
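Review bot: In config/sshd this daemon exists only to run the `ForceCommand`, but only agent and TCP forwarding are switched off; Unix-socket forwarding, TTY allocation and `~/.ssh/rc` are left at their stock OpenSSH defaults, which are enabled. Where the installed OpenSSH supports it, `DisableForwarding yes` covers every forwarding kind in one line, and `PermitTTY no` plus `PermitUserRC no` leave the forced command as the only thing a login can start. `MaxAuthTries 1` is also likely to disconnect clients whose agent offers more than one key before the right one, so either document `-o IdentitiesOnly=yes` for users or raise the limit slightly. Since index.js issues a session for whichever account authenticated on this port, a comment such as `# a successful login here is treated as proof of account ownership by auth.snoot.club` above `ForceCommand` would make that trust relationship explicit.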
@@ -1,7 +1,105 @@ let {send} = require("micro") +let execa = require("execa") +let net = require("net") +let fs = require("fs").promises +let {router, get} = require("microrouter") +let crypto = require("crypto") -function await +async function getSnoot(name) { + let {stdout: snootid} = await execa("id", ["-u", name]).catch(() => ({})) + return snootid +} + +async function authenticate(request, response, name) { + let snootid = await getSnoot(name) + + if (!snootid) { + return send(response, 401, `${name} is NOT a snoot`) + } + + return ` + +authenticate ${name} +

authenticate yourself

+ +

hello, ${name}

+ +

click this:

+ +

listen

+ +

then run this in your terminal!

+ +

+ssh ${name}@auth.snoot.club -p 2424
+
+` +} + +async function listen(request, response, name) { + let snootid = await getSnoot(name) + + if (!snootid) { + return send(response, 401, `${name} is NOT a snoot`) + } + + let sockPath = `/snoots/auth/socks/${snootid}.sock` + + fs.unlink(sockPath).catch(() => ({})) + let timeout + let server = net.createServer(function(client) { + let data = "" + client.on("data", d => { + data += d.toString() + }) + client.on("end", async _ => { + if (data == "success") { + clearTimeout(timeout) + let token = `${name}.${crypto.randomBytes(22).toString("base64")}` + await fs.writeFile(`/snoots/auth/sessions/${name}`, token) + response.setHeader( + "Set-Cookie", + `session=${token}; Domain=snoot.club; Secure;` + ) + send(response, 200, "Thanks ! Enjoy your cookie") + } else { + clearTimeout(timeout) + return send(response, 401, "Something naughty happened.") + } + }) + client.on("error", () => { + clearTimeout(timeout) + return send(response, 400, "The ssh client errored out :(") + }) + }) + timeout = setTimeout(() => { + server.close(function() { + send(response, 408, "That took too long! please try again") + }) + }, 60000) + server.listen(sockPath) +} + +async function notfound(request, response) { + return send( + response, + 404, + "go to https://auth.snoot.club/start/your_snoot_name" + ) +} module.exports = (request, response) => { - send( + let parts = request.url.split("/").filter(Boolean) + + if (parts.length == 1) { + let [name] = parts + return authenticate(request, response, name) + } + + if (parts.length == 2 && parts[0] == "listen") { + let [, name] = parts + return listen(request, response, name) + } + + return notfound(request, response) } diff --git a/jsconfig.json b/jsconfig.json new file mode 100644 index 0000000..7bfba7b --- /dev/null +++ b/jsconfig.json @@ -0,0 +1,3 @@ +{ + "lib": "es2019" +} diff --git a/package-lock.json b/package-lock.json index 72762f2..21ccb7d 100644 --- a/package-lock.json +++ b/package-lock.json 
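Review bot: `name` is taken straight from `request.url` and then used unvalidated as an `id` argument, inside the page that `authenticate` returns, and in the `/snoots/auth/sessions/${name}` path. `id` also resolves numeric ids and parses a leading-dash value as an option, so a truthy `stdout` is not proof that the value is an account name; reject anything that is not a plain login name before calling it, e.g. `if (!/^[a-z_][a-z0-9_-]*$/.test(name)) return send(response, 400, "bad name")`, and pass `["-u", "--", name]`. In `listen` the cookie carries `Secure` only; `session=${token}; Domain=snoot.club; Path=/; Secure; HttpOnly; SameSite=Lax` keeps it away from page scripts, and `Domain=snoot.club` is worth reconsidering if subdomains serve other people's content. The socket server also has no `server.on("error", …)` handler, the `fs.unlink` is not awaited and the server is never closed after a result, so overlapping requests for one name can replace each other's socket or fail on listen with nothing catching it. Nothing in the hunk ties the browser request that receives the cookie to the person who ran ssh, so consider having the page show a one-time code that the ssh side must return before a session is issued.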
@@ -13,8 +13,51 @@ "commander": "^2.19.0", "execa": "^1.0.0", "serve-handler": "^5.0.7" + }, + "dependencies": { + "execa": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", + "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", + "requires": { + "cross-spawn": "^6.0.0", + "get-stream": "^4.0.0", + "is-stream": "^1.1.0", + "npm-run-path": "^2.0.0", + "p-finally": "^1.0.0", + "signal-exit": "^3.0.0", + "strip-eof": "^1.0.0" + } + }, + "get-stream": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", + "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", + "requires": { + "pump": "^3.0.0" + } + }, + "npm-run-path": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", + "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", + "requires": { + "path-key": "^2.0.0" + } + }, + "p-finally": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", + "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" + } } }, + "@types/node": { + "version": "12.7.5", + "resolved": "https://registry.npmjs.org/@types/node/-/node-12.7.5.tgz", + "integrity": "sha512-9fq4jZVhPNW8r+UYKnxF1e2HkDWOWKM5bC2/7c9wPV835I0aOrVbS/Hw/pWPk2uKrNXQqg9Z959Kz+IYDd5p3w==", + "dev": true + }, "ansi-colors": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz", 
@@ -90,17 +133,26 @@ } }, "execa": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/execa/-/execa-1.0.0.tgz", - "integrity": "sha512-adbxcyWV46qiHyvSp50TKt05tB4tK3HcmF7/nxfAdhnox83seTDbwnaqKO4sXRy7roHAIFqJP/Rw/AuEbX61LA==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/execa/-/execa-2.0.4.tgz", + "integrity": "sha512-VcQfhuGD51vQUQtKIq2fjGDLDbL6N1DTQVpYzxZ7LPIXw3HqTuIz6uxRmpV1qf8i31LHf2kjiaGI+GdHwRgbnQ==", "requires": { - "cross-spawn": "^6.0.0", - "get-stream": "^4.0.0", - "is-stream": "^1.1.0", - "npm-run-path": "^2.0.0", - "p-finally": "^1.0.0", - "signal-exit": "^3.0.0", - "strip-eof": "^1.0.0" + "cross-spawn": "^6.0.5", + "get-stream": "^5.0.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^3.0.0", + "onetime": "^5.1.0", + "p-finally": "^2.0.0", + "signal-exit": "^3.0.2", + "strip-final-newline": "^2.0.0" + }, + "dependencies": { + "is-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.0.tgz", + "integrity": "sha512-XCoy+WlUr7d1+Z8GgSuXmpuUFC9fOhRXglJMx+dwLKTkL44Cjd4W1Z5P+BQZpr+cR93aGP4S/s7Ftw6Nd/kiEw==" + } } }, "fast-url-parser": { @@ -112,9 +164,9 @@ } }, "get-stream": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-4.1.0.tgz", - "integrity": "sha512-GMat4EJ5161kIy2HevLlr4luNjBgvmj413KaQA7jt4V8B4RDsfpHk7WQ9GVqfYyyx8OS/L66Kox+rJRNklLK7w==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.1.0.tgz", + "integrity": "sha512-EXr1FOzrzTfGeL0gQdeFEvOMm2mzMOglyiOXSTpPC+iAjAKftbr3jpCMWynogwYnM+eSj9sHGc6wjIcDvYiygw==", "requires": { "pump": "^3.0.0" } 
@@ -150,6 +202,11 @@ "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=" }, + "merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==" + }, "micro": { "version": "9.3.4", "resolved": "https://registry.npmjs.org/micro/-/micro-9.3.4.tgz", @@ -161,6 +218,14 @@ "raw-body": "2.3.2" } }, + "microrouter": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/microrouter/-/microrouter-3.1.3.tgz", + "integrity": "sha1-HkXfd9Pi13O+XaEpz8fV5ubIb04=", + "requires": { + "url-pattern": "^1.0.3" + } + }, "mime-db": { "version": "1.33.0", "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz", @@ -174,6 +239,11 @@ "mime-db": "~1.33.0" } }, + "mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==" + }, "minimatch": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", 
@@ -188,11 +258,18 @@ "integrity": "sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ==" }, "npm-run-path": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz", - "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-3.1.0.tgz", + "integrity": "sha512-Dbl4A/VfiVGLgQv29URL9xshU8XDY1GeLy+fsaZ1AA8JDSfjvr5P5+pzRbWqRSBxk6/DW7MIh8lTM/PaGnP2kg==", "requires": { - "path-key": "^2.0.0" + "path-key": "^3.0.0" + }, + "dependencies": { + "path-key": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.0.tgz", + "integrity": "sha512-8cChqz0RP6SHJkMt48FW0A7+qUOn+OsnOsVtzI59tZ8m+5bCSk7hzwET0pulwOM2YMn9J1efb07KB9l9f30SGg==" + } } }, "once": { @@ -203,10 +280,18 @@ "wrappy": "1" } }, + "onetime": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.0.tgz", + "integrity": "sha512-5NcSkPHhwTVFIQN+TUqXoS5+dlElHXdpAWu9I0HP20YOtIi+aZ0Ct82jdlILDxjLEAWwvm+qj1m6aEtsDVmm6Q==", + "requires": { + "mimic-fn": "^2.1.0" + } + }, "p-finally": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", - "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=" + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-2.0.1.tgz", + "integrity": "sha512-vpm09aKwq6H9phqRQzecoDpD8TmVyGw70qmWlyq5onxY7tqyTTFVvxMykxQSQKILBSFlbXpypIw2T1Ml7+DDtw==" }, "path-is-inside": { "version": "1.0.2", 
@@ -306,11 +391,21 @@ "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz", "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=" }, + "strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==" + }, "unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw=" }, + "url-pattern": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/url-pattern/-/url-pattern-1.0.3.tgz", + "integrity": "sha1-BAkpJHGyTyPFDWWkeTF5PStaz8E=" + }, "which": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", diff --git a/package.json b/package.json index 3972eaf..bba2afd 100644 --- a/package.json +++ b/package.json @@ -13,6 +13,11 @@ "description": "auth application on snoot.club", "dependencies": { "@snootclub/boop": "^0.0.14", - "micro": "^9.3.3" + "execa": "^2.0.4", + "micro": "^9.3.3", + "microrouter": "^3.1.3" + }, + "devDependencies": { + "@types/node": "^12.7.5" } } diff --git a/succeed/Cargo.lock b/succeed/Cargo.lock new file mode 100644 index 0000000..c6e42e1 --- /dev/null +++ b/succeed/Cargo.lock 
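Review bot: `microrouter` is added to `dependencies` in package.json and index.js imports `{router, get}` from it, but the handler exported in the same commit routes by splitting `request.url` by hand and never calls either. An unused runtime dependency, together with its `url-pattern` transitive, is extra install and audit surface for an auth service. Either drop it from package.json along with the `require` line, or use it for the `/:name` and `/listen/:name` routes so the hand-written path parsing goes away.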
@@ -0,0 +1,53 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "bitflags" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "cc" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "cfg-if" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "libc" +version = "0.2.62" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "nix" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "bitflags 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)", + "cc 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)", + "cfg-if 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)", + "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "succeed" +version = "0.1.0" +dependencies = [ + "nix 0.15.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "void" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[metadata] +"checksum bitflags 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "8a606a02debe2813760609f57a64a2ffd27d9fdf5b2f133eaca0b248dd92cdd2" +"checksum cc 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)" = "4fc9a35e1f4290eb9e5fc54ba6cf40671ed2a2514c3eeb2b2a908dda2ea5a1be" +"checksum cfg-if 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "b486ce3ccf7ffd79fdeb678eac06a9e6c09fc88d33836340becb8fffe87c5e33" +"checksum libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)" = "34fcd2c08d2f832f376f4173a231990fa5aef4e99fb569867318a227ef4c06ba" +"checksum nix 0.15.0 
(registry+https://github.com/rust-lang/crates.io-index)" = "3b2e0b4f3320ed72aaedb9a5ac838690a8047c7b275da22711fddff4f8a14229" +"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" diff --git a/succeed/Cargo.toml b/succeed/Cargo.toml new file mode 100644 index 0000000..c04e4ea --- /dev/null +++ b/succeed/Cargo.toml @@ -0,0 +1,10 @@ +[package] +name = "succeed" +version = "0.1.0" +authors = ["chee "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +nix = "0.15" diff --git a/succeed/build.sh b/succeed/build.sh new file mode 100644 index 0000000..964e21f --- /dev/null +++ b/succeed/build.sh @@ -0,0 +1,5 @@ +#!/bin/sh +cargo build --release +mv target/release/succeed ../bin +sudo chmod 6711 ../bin/succeed +sudo chown auth:auth ../bin/succeed diff --git a/succeed/src/.main.rs.kate-swp b/succeed/src/.main.rs.kate-swp new file mode 100644 index 0000000000000000000000000000000000000000..e777728aee6a2aad59bd8f0e92f7f9c3e811b6b2 GIT binary patch literal 2001 zcmdUw%Syvg5QY=%{bp|ukS8eWvLdb`6jwGBmr}HaVo}k0*$BQ_aqGrDf#A-KPvFM+ z$Bh3WbWuyYFmOn|oH;Z9Oy-<;o>xEYPX&e^K$8+@Z7cu-jPdEE3}WLT8`Or16NpOn3rk2+-mc^&<8c+6*RKB zk{rBL81>{9Z)!L{k`W&|hW_rK&ZFdkv&3gKiT@y5Ieo2Z^dxYaPMg-rUQYt&^hS36 z1J~_8c_c*Uj>&$E0Nwuw7^SaWJqdo2HfeOMqdtejn?15^6YhXuCJ!T6JZcq)( c>qK~~5fQA))E0@op}#(h)({6x`ddTrZ%5;&<^TWy literal 0 HcmV?d00001 diff --git a/succeed/src/main.rs b/succeed/src/main.rs new file mode 100644 index 0000000..3d736b2 --- /dev/null +++ b/succeed/src/main.rs 
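Review bot: In succeed/build.sh the `chmod 6711` runs before the `chown auth:auth`, and on Linux changing the owner of an executable clears its setuid/setgid bits, so the installed binary probably ends up without the mode the design depends on. Doing both in one step avoids the ordering problem and the window in which a half-configured file sits in `../bin`: `sudo install -o auth -g auth -m 6711 target/release/succeed ../bin/succeed`. The script also has no `set -e`, so a failed `cargo build` still moves and re-permissions whatever older binary is left in `target/release`; add `set -eu` after the shebang.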
@@ -0,0 +1,19 @@
+use nix::unistd::Uid;
+use std::io::Write;
+use std::os::unix::net::UnixStream;
+
+fn main() {
+ // this is the user's REAL uid (not the suid uid)
+ let uid = Uid::current();
+ let path = format!("/snoots/auth/socks/{}.sock", uid);
+
+ if let Ok(mut sock) = UnixStream::connect(&path) {
+ if let Ok(_) = sock.write(b"success") {
+ println!("Thank-you! You can return to your browser now.");
+ std::process::exit(0)
+ }
+ }
+
+ println!("Couldn't write to socket. Have you started a session on auth.snoot.club?");
+ std::process::exit(1);
+}
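Review bot: `sock.write(b"success")` may return after writing only part of the buffer, and the Node side compares the received data to `"success"` exactly, so a short write would be reported there as a failed login while this program prints the thank-you message. Use `if sock.write_all(b"success").is_ok() {` in place of `if let Ok(_) = sock.write(b"success") {`. Because build.sh installs this binary setuid/setgid, a short doc comment on `main` stating that the socket name must come from the real uid (`Uid::current()`), never the effective uid or any user-supplied value, would protect the one line the whole scheme relies on.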