
crypt passwords, remove "debian" account, refactor

master
Teran McKinney 2 years ago
parent
commit
5a133ac48f
  1. 64
      debian-10.go
  2. 64
      debian-9.go
  3. 83
      debian-preseed.go
  4. 1
      go.mod
  5. 2
      go.sum
  6. 30
      password.go
  7. 9
      password_test.go
  8. 66
      ubuntu-16-04.go
  9. 66
      ubuntu-18-04.go

64
debian-10.go

@ -1,64 +1,8 @@
package main
import (
"bytes"
"crypto/md5"
"encoding/hex"
"text/template"
const debian10Hostname = "debian-10"
const debian10Mirror = "http://ftp.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/debian-installer/amd64"
"github.com/teran-mckinney/burnpaste"
)
const debian10_ipxescript = `#!ipxe
dhcp
set mirror http://ftp.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/debian-installer/amd64
kernel ${mirror}/linux console=ttyS0,115200n8 net.ifnames=0 netcfg/choose_interface=eth0 initrd=initrd.gz auto=true priority=critical hostname=debian-10 auto url={{.PRESEED}} preseed-md5={{.PRESEED_CHECKSUM}}
initrd ${mirror}/initrd.gz
boot`
func debian10(sshKey, burnpaste_endpoint string) (response IPXE, err error) {
// burnpaste_endpoint is a running burnpaste instance to store our preseed data.
var return_script bytes.Buffer
var rendered_preseed bytes.Buffer
if err = validateSSHKey(sshKey); err != nil {
return
}
tmpl, err := template.New("").Parse(debian_preseed)
if err != nil {
return
}
type preseed_args struct {
SSHKEY string
PASSWORD string
}
root_password, err := randomPassword()
if err != nil {
return
}
preseed_arguments := preseed_args{SSHKEY: sshKey, PASSWORD: root_password}
tmpl.Execute(&rendered_preseed, preseed_arguments)
hash := md5.Sum(rendered_preseed.Bytes())
hash_hex := hex.EncodeToString(hash[:])
url, err := burnpaste.Write(burnpaste_endpoint, rendered_preseed.Bytes())
if err != nil {
return
}
tmpl, err = template.New("").Parse(debian10_ipxescript)
if err != nil {
return
}
type args struct {
PRESEED string
PRESEED_CHECKSUM string
}
arguments := args{url, hash_hex}
tmpl.Execute(&return_script, arguments)
response = IPXE{Script: return_script.String(), RootPassword: &root_password}
return
func debian10(sshKey, burnpasteEndpoint string) (response IPXE, err error) {
return debianPreseed(sshKey, burnpasteEndpoint, debian10Hostname, debian10Mirror)
}
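Review bot: `debian10Mirror` is a plain `http://` URL, so the generated iPXE script still downloads the installer kernel and initrd with no transport or integrity protection; only the preseed carries a checksum (`preseed-md5`). The same applies to `debian9Mirror`, `ubuntu1604Mirror` and `ubuntu1804Mirror` in the other wrapper files. If the mirrors and the iPXE builds this service targets support HTTPS, switching the constants to `https://` would close that gap. Otherwise a comment next to each constant, such as `// NOTE: fetched over plain HTTP; kernel and initrd are not verified`, would at least record the trust assumption.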

64
debian-9.go

@ -1,64 +1,8 @@
package main
import (
"bytes"
"crypto/md5"
"encoding/hex"
"text/template"
const debian9Hostname = "debian-9"
const debian9Mirror = "http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/debian-installer/amd64"
"github.com/teran-mckinney/burnpaste"
)
const debian9_ipxescript = `#!ipxe
dhcp
set mirror http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/debian-installer/amd64
kernel ${mirror}/linux console=ttyS0,115200n8 net.ifnames=0 netcfg/choose_interface=eth0 initrd=initrd.gz auto=true priority=critical hostname=debian-9 auto url={{.PRESEED}} preseed-md5={{.PRESEED_CHECKSUM}}
initrd ${mirror}/initrd.gz
boot`
func debian9(sshKey, burnpaste_endpoint string) (response IPXE, err error) {
// burnpaste_endpoint is a running burnpaste instance to store our preseed data.
var return_script bytes.Buffer
var rendered_preseed bytes.Buffer
if err = validateSSHKey(sshKey); err != nil {
return
}
tmpl, err := template.New("").Parse(debian_preseed)
if err != nil {
return
}
type preseed_args struct {
SSHKEY string
PASSWORD string
}
root_password, err := randomPassword()
if err != nil {
return
}
preseed_arguments := preseed_args{SSHKEY: sshKey, PASSWORD: root_password}
tmpl.Execute(&rendered_preseed, preseed_arguments)
hash := md5.Sum(rendered_preseed.Bytes())
hash_hex := hex.EncodeToString(hash[:])
url, err := burnpaste.Write(burnpaste_endpoint, rendered_preseed.Bytes())
if err != nil {
return
}
tmpl, err = template.New("").Parse(debian9_ipxescript)
if err != nil {
return
}
type args struct {
PRESEED string
PRESEED_CHECKSUM string
}
arguments := args{url, hash_hex}
tmpl.Execute(&return_script, arguments)
response = IPXE{Script: return_script.String(), RootPassword: &root_password}
return
func debian9(sshKey, burnpasteEndpoint string) (response IPXE, err error) {
return debianPreseed(sshKey, burnpasteEndpoint, debian9Hostname, debian9Mirror)
}

83
debian-preseed.go

@ -1,5 +1,26 @@
package main
import (
"bytes"
"crypto/md5"
"encoding/hex"
"text/template"
"github.com/teran-mckinney/burnpaste"
)
type preseedArgs struct {
SSHKEY string
CRYPTED_PASSWORD string
}
type ipxescriptArgs struct {
HOSTNAME string
MIRROR string
PRESEED string
PRESEED_CHECKSUM string
}
const debian_preseed = `d-i debian-installer/locale string en_US
d-i keyboard-configuration/xkb-keymap select us
d-i clock-setup/utc boolean true
@ -30,14 +51,10 @@ d-i partman/confirm_nooverwrite boolean true
d-i apt-setup/non-free boolean false
d-i apt-setup/contrib boolean false
d-i passwd/root-password password {{.PASSWORD}}
d-i passwd/root-password-again password {{.PASSWORD}}
d-i passwd/root-login boolean true
d-i passwd/root-password-crypted password {{.CRYPTED_PASSWORD}}
d-i passwd/user-fullname string Debian User
d-i passwd/username string debian
d-i passwd/user-password password {{.PASSWORD}}
d-i passwd/user-password-again password {{.PASSWORD}}
d-i user-setup/allow-password-weak boolean true
d-i passwd/make-user boolean false
d-i base-installer/install-recommends boolean false
@ -55,3 +72,55 @@ d-i finish-install/reboot_in_progress note
d-i preseed/late_command string apt-install openssh-server; in-target mkdir /root/.ssh; in-target sh -c "echo '{{.SSHKEY}}' > /root/.ssh/authorized_keys"; in-target systemctl enable serial-getty@ttyS0.service
`
const debian_ipxescript = `#!ipxe
dhcp
set mirror {{.MIRROR}}
kernel ${mirror}/linux console=ttyS0,115200n8 net.ifnames=0 netcfg/choose_interface=eth0 initrd=initrd.gz auto=true priority=critical hostname={{.HOSTNAME}} auto url={{.PRESEED}} preseed-md5={{.PRESEED_CHECKSUM}}
initrd ${mirror}/initrd.gz
boot`
func debianPreseed(sshKey, burnpaste_endpoint, hostname, mirror string) (response IPXE, err error) {
// burnpaste_endpoint is a running burnpaste instance to store our preseed data.
var return_script bytes.Buffer
var rendered_preseed bytes.Buffer
if err = validateSSHKey(sshKey); err != nil {
return
}
tmpl, err := template.New("").Parse(debian_preseed)
if err != nil {
return
}
rootPassword, hashedRootPassword, err := randomPasswordHashed()
if err != nil {
return
}
preseed_arguments := preseedArgs{SSHKEY: sshKey, CRYPTED_PASSWORD: hashedRootPassword}
err = tmpl.Execute(&rendered_preseed, preseed_arguments)
if err != nil {
return
}
hash := md5.Sum(rendered_preseed.Bytes())
hash_hex := hex.EncodeToString(hash[:])
url, err := burnpaste.Write(burnpaste_endpoint, rendered_preseed.Bytes())
if err != nil {
return
}
tmpl, err = template.New("").Parse(debian_ipxescript)
if err != nil {
return
}
arguments := ipxescriptArgs{hostname, mirror, url, hash_hex}
err = tmpl.Execute(&return_script, arguments)
if err != nil {
return
}
response = IPXE{Script: return_script.String(), RootPassword: &rootPassword}
return
}
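Review bot: `debianPreseed` renders `sshKey` with `text/template`, which does no escaping, and the preseed's `late_command` places `{{.SSHKEY}}` inside a single-quoted `sh -c "echo '...'"` string that runs during installation. Whether a key containing `'`, `"` or a newline can break out of that quoting depends entirely on `validateSSHKey`, which is not visible in this diff. I would document that dependency at the call site, e.g. `// validateSSHKey must reject quotes and newlines: SSHKEY is rendered unescaped into the late_command shell string in debian_preseed.`, and confirm the validator actually enforces it.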

1
go.mod

@ -3,6 +3,7 @@ module github.com/teran-mckinney/ipxeplease
go 1.12
require (
github.com/GehirnInc/crypt v0.0.0-20190301055215-6c0105aabd46
github.com/teran-mckinney/burnpaste v0.0.0-20190809021100-3655ec2aad4d
gopkg.in/alexcesaro/statsd.v2 v2.0.0
)

2
go.sum

@ -1,3 +1,5 @@
github.com/GehirnInc/crypt v0.0.0-20190301055215-6c0105aabd46 h1:rs0kDBt2zF4/CM9rO5/iH+U22jnTygPlqWgX55Ufcxg=
github.com/GehirnInc/crypt v0.0.0-20190301055215-6c0105aabd46/go.mod h1:kC29dT1vFpj7py2OvG1khBdQpo3kInWP+6QipLbdngo=
github.com/teran-mckinney/burnpaste v0.0.0-20190809021100-3655ec2aad4d h1:pQD9uvumsz58uGpG6BTkJBGmzulA2ExlD/sG2vCp+5w=
github.com/teran-mckinney/burnpaste v0.0.0-20190809021100-3655ec2aad4d/go.mod h1:z2wUqWKYMA5ziADPorjLLHeWcptNxrae/04ui7c2gdE=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=

30
password.go

@ -4,17 +4,35 @@ package main
import (
"crypto/rand"
"encoding/base32"
"github.com/GehirnInc/crypt/sha512_crypt"
)
func randomPassword() (string, error) {
var password string
var err error
func randomPassword() (password string, err error) {
randomBytes := make([]byte, 20)
_, err = rand.Read(randomBytes)
if err != nil {
goto end
return
}
password = base32.StdEncoding.EncodeToString(randomBytes)
end:
return password, err
return
}
func hashPassword(passwordToHash string) (hashedPassword string, err error) {
crypt := sha512_crypt.New()
// $6$ is for SHA512
output, err := crypt.Generate([]byte(passwordToHash), []byte("$6$ipxeplease"))
if err != nil {
return
}
hashedPassword = string(output)
return
}
func randomPasswordHashed() (password, hashedPassword string, err error) {
password, err = randomPassword()
if err != nil {
return
}
hashedPassword, err = hashPassword(password)
return
}
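Review bot: `hashPassword` passes the constant salt `$6$ipxeplease` to `crypt.Generate`, so every generated root hash shares one salt and the salt no longer makes each hash unique. The random 20-byte password limits the practical impact, but the hash is embedded in the preseed that is uploaded to burnpaste, so a per-call salt is the safer default. The GehirnInc/crypt documentation describes an empty salt as requesting a randomly generated one; if that holds for the pinned version, `output, err := crypt.Generate([]byte(passwordToHash), nil)` would be enough. The local variable `crypt` also reads like a package name; `crypter` would be clearer.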

9
password_test.go

@ -21,3 +21,12 @@ func TestRandomPassword(t *testing.T) {
t.Errorf("Both passwords are %s", password1)
}
}
func TestRandomPasswordHashed(t *testing.T) {
password, hashedPassword, err := randomPasswordHashed()
if err != nil {
t.Errorf("Raised error: %s", err.Error())
} else {
log.Print("Generated: ", password, " and ", hashedPassword)
}
}
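Review bot: `TestRandomPasswordHashed` only checks that no error is returned, so a regression that produced an empty or non-SHA-512 hash would still pass, and it prints the generated password and hash to the test log. I would assert on the output instead of logging it, for example `if !strings.HasPrefix(hashedPassword, "$6$") || hashedPassword == password { t.Errorf("unexpected hash %q", hashedPassword) }` (this needs the `strings` import), and drop the `log.Print` line.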

66
ubuntu-16-04.go

@ -1,66 +1,8 @@
package main
import (
"bytes"
"crypto/md5"
"encoding/hex"
"text/template"
const ubuntu1604Hostname = "ubuntu-16-04"
const ubuntu1604Mirror = "http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64"
"github.com/teran-mckinney/burnpaste"
)
// Ubuntu Xenial
const ubuntu1604_ipxescript = `#!ipxe
dhcp
set mirror http://archive.ubuntu.com/ubuntu/dists/xenial-updates/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64
kernel ${mirror}/linux console=ttyS0,115200n8 net.ifnames=0 netcfg/choose_interface=eth0 initrd=initrd.gz auto=true priority=critical hostname=ubuntu-16-04 auto url={{.PRESEED}} preseed-md5={{.PRESEED_CHECKSUM}}
initrd ${mirror}/initrd.gz
boot`
func ubuntu1604(sshKey, burnpaste_endpoint string) (response IPXE, err error) {
// burnpaste_endpoint is a running burnpaste instance to store our preseed data.
var return_script bytes.Buffer
var rendered_preseed bytes.Buffer
if err = validateSSHKey(sshKey); err != nil {
return
}
tmpl, err := template.New("").Parse(debian_preseed)
if err != nil {
return
}
type preseed_args struct {
SSHKEY string
PASSWORD string
}
root_password, err := randomPassword()
if err != nil {
return
}
preseed_arguments := preseed_args{SSHKEY: sshKey, PASSWORD: root_password}
tmpl.Execute(&rendered_preseed, preseed_arguments)
hash := md5.Sum(rendered_preseed.Bytes())
hash_hex := hex.EncodeToString(hash[:])
url, err := burnpaste.Write(burnpaste_endpoint, rendered_preseed.Bytes())
if err != nil {
return
}
tmpl, err = template.New("").Parse(ubuntu1604_ipxescript)
if err != nil {
return
}
type args struct {
PRESEED string
PRESEED_CHECKSUM string
}
arguments := args{url, hash_hex}
tmpl.Execute(&return_script, arguments)
response = IPXE{Script: return_script.String(), RootPassword: &root_password}
return
func ubuntu1604(sshKey, burnpasteEndpoint string) (response IPXE, err error) {
return debianPreseed(sshKey, burnpasteEndpoint, ubuntu1604Hostname, ubuntu1604Mirror)
}

66
ubuntu-18-04.go

@ -1,66 +1,8 @@
package main
import (
"bytes"
"crypto/md5"
"encoding/hex"
"text/template"
const ubuntu1804Hostname = "ubuntu-18-04"
const ubuntu1804Mirror = "http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64"
"github.com/teran-mckinney/burnpaste"
)
// Ubuntu Bionic
const ubuntu1804_ipxescript = `#!ipxe
dhcp
set mirror http://archive.ubuntu.com/ubuntu/dists/bionic-updates/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64
kernel ${mirror}/linux console=ttyS0,115200n8 net.ifnames=0 netcfg/choose_interface=eth0 initrd=initrd.gz auto=true priority=critical hostname=ubuntu-18-04 auto url={{.PRESEED}} preseed-md5={{.PRESEED_CHECKSUM}}
initrd ${mirror}/initrd.gz
boot`
func ubuntu1804(sshKey, burnpaste_endpoint string) (response IPXE, err error) {
// burnpaste_endpoint is a running burnpaste instance to store our preseed data.
var return_script bytes.Buffer
var rendered_preseed bytes.Buffer
if err = validateSSHKey(sshKey); err != nil {
return
}
tmpl, err := template.New("").Parse(debian_preseed)
if err != nil {
return
}
type preseed_args struct {
SSHKEY string
PASSWORD string
}
root_password, err := randomPassword()
if err != nil {
return
}
preseed_arguments := preseed_args{SSHKEY: sshKey, PASSWORD: root_password}
tmpl.Execute(&rendered_preseed, preseed_arguments)
hash := md5.Sum(rendered_preseed.Bytes())
hash_hex := hex.EncodeToString(hash[:])
url, err := burnpaste.Write(burnpaste_endpoint, rendered_preseed.Bytes())
if err != nil {
return
}
tmpl, err = template.New("").Parse(ubuntu1804_ipxescript)
if err != nil {
return
}
type args struct {
PRESEED string
PRESEED_CHECKSUM string
}
arguments := args{url, hash_hex}
tmpl.Execute(&return_script, arguments)
response = IPXE{Script: return_script.String(), RootPassword: &root_password}
return
func ubuntu1804(sshKey, burnpasteEndpoint string) (response IPXE, err error) {
return debianPreseed(sshKey, burnpasteEndpoint, ubuntu1804Hostname, ubuntu1804Mirror)
}