From e95b4972da8860ed04a69c60ced3167e217ec486 Mon Sep 17 00:00:00 2001 From: Steven Polley Date: Wed, 17 Apr 2024 19:12:01 -0600 Subject: [PATCH] add scaffolding for configuration file --- hypd/cmd/defaultconfig.go | 33 +++++++++++++++ hypd/cmd/server.go | 30 ++++++-------- hypd/configuration/configuration.go | 64 +++++++++++++++++++++++++++++ hypd/server/packet.go | 3 +- 4 files changed, 111 insertions(+), 19 deletions(-) create mode 100644 hypd/cmd/defaultconfig.go create mode 100644 hypd/configuration/configuration.go diff --git a/hypd/cmd/defaultconfig.go b/hypd/cmd/defaultconfig.go new file mode 100644 index 0000000..29957f0 --- /dev/null +++ b/hypd/cmd/defaultconfig.go @@ -0,0 +1,33 @@ +/* +Copyright © 2024 Steven Polley +*/ +package cmd + +import ( + "encoding/json" + "fmt" + + "deadbeef.codes/steven/hyp/hypd/configuration" + "github.com/spf13/cobra" +) + +// defaultconfigCmd represents the defaultconfig command +var defaultconfigCmd = &cobra.Command{ + Use: "defaultconfig", + Short: "Prints the default configuration to stdout", + Long: `The default configuration is used if one is not set. The default configuration + can be used as a reference to build your own. `, + Run: func(cmd *cobra.Command, args []string) { + config := configuration.DefaultConfig() + b, err := json.MarshalIndent(config, "", " ") + if err != nil { + panic(fmt.Errorf("failed to marshal default configuration to json (this should never happen): %v", err)) + } + fmt.Println(string(b)) + }, +} + +func init() { + generateCmd.AddCommand(defaultconfigCmd) + +} diff --git a/hypd/cmd/server.go b/hypd/cmd/server.go index 8a2cfeb..8fb62e0 100644 --- a/hypd/cmd/server.go +++ b/hypd/cmd/server.go @@ -6,6 +6,7 @@ package cmd import ( "fmt" + "deadbeef.codes/steven/hyp/hypd/configuration" "deadbeef.codes/steven/hyp/hypd/server" "github.com/spf13/cobra" ) @@ -30,7 +31,16 @@ Example Usage: `, Run: func(cmd *cobra.Command, args []string) { - err := server.PacketServer(args[0]) + configFile, err := cmd.Flags().GetString("configfile") + if err != nil { + panic(fmt.Errorf("failed to get configfile flag: %w", err)) + } + hypdConfiguration, err := configuration.LoadConfiguration(configFile) + if err != nil { + panic(fmt.Errorf("failed to start packet server: %w", err)) + } + + err = server.PacketServer(args[0], hypdConfiguration) if err != nil { panic(fmt.Errorf("failed to start packet server: %w", err)) } @@ -40,22 +50,6 @@ Example Usage: func init() { rootCmd.AddCommand(serverCmd) - /* - viper.SetConfigName("hypconfig") - viper.SetConfigType("yaml") - viper.AddConfigPath("/etc/hyp/") - viper.AddConfigPath("$HOME/.hyp") - viper.AddConfigPath(".") - viper.SetDefault("RefreshInterval", 7200) - - if err := viper.ReadInConfig(); err != nil { - if _, ok := err.(viper.ConfigFileNotFoundError); ok { - // Config file not found - // TBD: Implement - } else { - // Config file was found, but another error was produced - panic(fmt.Errorf("failed reading existing config file: %w", err)) - } - }*/ + serverCmd.PersistentFlags().String("configfile", "", "Path to the file containing the hypd configuration.") } diff --git a/hypd/configuration/configuration.go b/hypd/configuration/configuration.go new file mode 100644 index 0000000..a6ff44a --- /dev/null +++ b/hypd/configuration/configuration.go @@ -0,0 +1,64 @@ +package configuration + +import ( + "encoding/json" + "fmt" + "os" +) + +type HypdConfiguration struct { + PreSharedKeyDirectory string `json:"preSharedKeyDirectory"` // hypd will load all *.secret files from this directory + SuccessAction string `json:"successAction"` // The action to take + TimeoutSeconds int `json:"timeoutSeconds"` // If > 0, once a knock sequence has been successful this value will count down and when it reaches 0, it will perform the TimeoutAction on the client. + TimeoutAction string `json:"timeoutAction"` // The action to take after TimeoutSeconds has elapsed. only applicable if TimeoutSeconds is > 0 + +} + +// LoadConfiguration opens and parses the configuration file into a HypdConfiguration struct +// If a configFilePath is not specified, it will search in common locations +func LoadConfiguration(configFilePath string) (*HypdConfiguration, error) { + if configFilePath == "" { + commonLocations := []string{"hypdconfig.json", + "~/.config/hyp/hypdConfig.json", + "/etc/hyp/hypdConfig.json", + "/usr/local/etc/hyp/hypdConfig.json", + } + + for _, loc := range commonLocations { + if _, err := os.Stat(loc); err == nil { + configFilePath = loc + break + } + } + } + // if it's still not found after checking common locations, load default config + if configFilePath == "" { + return DefaultConfig(), nil + } + + // Otherwise if a config is specified, try to load it and error if it fails. + // I think it's better to error here if a config was intended and failed + // rather than failing back to default + + b, err := os.ReadFile(configFilePath) + if err != nil { + return nil, fmt.Errorf("failed to read config file '%s': %w", configFilePath, err) + } + + var hypdConfiguration *HypdConfiguration + err = json.Unmarshal(b, hypdConfiguration) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal config file json to HypdConfiguration (is the config file malformed?): %w", err) + } + + return nil, nil +} + +func DefaultConfig() *HypdConfiguration { + return &HypdConfiguration{ + PreSharedKeyDirectory: "./secrets/", + SuccessAction: "iptables -A INPUT -p tcp -s %s --dport 22 -j ACCEPT", + TimeoutSeconds: 1440, + TimeoutAction: "iptables -D INPUT -p tcp -s %s --dport 22 -j ACCEPT", + } +} diff --git a/hypd/server/packet.go b/hypd/server/packet.go index edf5486..e1f08b7 100644 --- a/hypd/server/packet.go +++ b/hypd/server/packet.go @@ -15,6 +15,7 @@ import ( "os/exec" "time" + "deadbeef.codes/steven/hyp/hypd/configuration" "deadbeef.codes/steven/hyp/otphyp" "github.com/cilium/ebpf/link" "github.com/cilium/ebpf/ringbuf" @@ -48,7 +49,7 @@ var ( // PacketServer is the main function when operating in server mode // it sets up the pcap on the capture device and starts a goroutine // to rotate the knock sequence -func PacketServer(captureDevice string) error { +func PacketServer(captureDevice string, config *configuration.HypdConfiguration) error { iface, err := net.InterfaceByName(captureDevice) if err != nil {