|
|
|
@ -12,7 +12,6 @@ import ( |
|
|
|
|
"flag" |
|
|
|
|
"fmt" |
|
|
|
|
"io/ioutil" |
|
|
|
|
"log" |
|
|
|
|
"os" |
|
|
|
|
"os/signal" |
|
|
|
|
"syscall" |
|
|
|
@ -20,10 +19,9 @@ import ( |
|
|
|
|
ldap "./ldapserver" |
|
|
|
|
consul "github.com/hashicorp/consul/api" |
|
|
|
|
message "github.com/vjeantet/goldap/message" |
|
|
|
|
log "github.com/sirupsen/logrus" |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
const DEBUG = false |
|
|
|
|
|
|
|
|
|
const ATTR_USERPASSWORD = "userpassword" |
|
|
|
|
const ATTR_MEMBER = "member" |
|
|
|
|
const ATTR_MEMBEROF = "memberof" |
|
|
|
@ -42,6 +40,7 @@ type ConfigFile struct { |
|
|
|
|
TLSCertFile string `json:"tls_cert_file"` |
|
|
|
|
TLSKeyFile string `json:"tls_key_file"` |
|
|
|
|
TLSServerName string `json:"tls_server_name"` |
|
|
|
|
LogLevel string `json:"log_level"` |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
type Config struct { |
|
|
|
@ -49,6 +48,7 @@ type Config struct { |
|
|
|
|
Bind string |
|
|
|
|
BindSecure string |
|
|
|
|
ConsulHost string |
|
|
|
|
LogLevel log.Level |
|
|
|
|
|
|
|
|
|
Acl ACL |
|
|
|
|
|
|
|
|
@ -69,7 +69,7 @@ type Entry map[string][]string |
|
|
|
|
|
|
|
|
|
var configFlag = flag.String("config", "./config.json", "Configuration file path") |
|
|
|
|
|
|
|
|
|
func readConfig() Config { |
|
|
|
|
func readConfig(logger *log.Logger) Config { |
|
|
|
|
config_file := ConfigFile{ |
|
|
|
|
Bind: "0.0.0.0:389", |
|
|
|
|
BindSecure: "0.0.0.0:636", |
|
|
|
@ -77,17 +77,25 @@ func readConfig() Config { |
|
|
|
|
|
|
|
|
|
bytes, err := ioutil.ReadFile(*configFlag) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
err = json.Unmarshal(bytes, &config_file) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
acl, err := ParseACL(config_file.Acl) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
log_level := log.InfoLevel |
|
|
|
|
if config_file.LogLevel != "" { |
|
|
|
|
log_level, err = log.ParseLevel(config_file.LogLevel) |
|
|
|
|
if err != nil { |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
ret := Config{ |
|
|
|
@ -96,20 +104,21 @@ func readConfig() Config { |
|
|
|
|
BindSecure: config_file.BindSecure, |
|
|
|
|
ConsulHost: config_file.ConsulHost, |
|
|
|
|
Acl: acl, |
|
|
|
|
LogLevel: log_level, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if config_file.TLSCertFile != "" && config_file.TLSKeyFile != "" && config_file.TLSServerName != "" { |
|
|
|
|
cert_txt, err := ioutil.ReadFile(config_file.TLSCertFile) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
key_txt, err := ioutil.ReadFile(config_file.TLSKeyFile) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
cert, err := tls.X509KeyPair(cert_txt, key_txt) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
ret.TLSConfig = &tls.Config{ |
|
|
|
|
MinVersion: tls.VersionTLS10, |
|
|
|
@ -125,9 +134,23 @@ func readConfig() Config { |
|
|
|
|
func main() { |
|
|
|
|
flag.Parse() |
|
|
|
|
|
|
|
|
|
ldap.Logger = log.New(os.Stdout, "[ldapserver] ", log.LstdFlags) |
|
|
|
|
logger := log.New() |
|
|
|
|
logger.SetOutput(os.Stdout) |
|
|
|
|
logger.SetFormatter(&log.TextFormatter{}) |
|
|
|
|
|
|
|
|
|
config := readConfig(logger) |
|
|
|
|
|
|
|
|
|
if log_level := os.Getenv("BOTTIN_LOG_LEVEL"); log_level != "" { |
|
|
|
|
level, err := log.ParseLevel(log_level) |
|
|
|
|
if err != nil { |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
logger.SetLevel(level) |
|
|
|
|
} else { |
|
|
|
|
logger.SetLevel(config.LogLevel) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
config := readConfig() |
|
|
|
|
ldap.Logger = logger |
|
|
|
|
|
|
|
|
|
// Connect to Consul
|
|
|
|
|
consul_config := consul.DefaultConfig() |
|
|
|
@ -136,19 +159,19 @@ func main() { |
|
|
|
|
} |
|
|
|
|
consul_client, err := consul.NewClient(consul_config) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
kv := consul_client.KV() |
|
|
|
|
|
|
|
|
|
// Create bottin server
|
|
|
|
|
bottin := Server{ |
|
|
|
|
logger: log.New(os.Stdout, "[bottin] ", log.LstdFlags), |
|
|
|
|
logger: logger, |
|
|
|
|
config: config, |
|
|
|
|
kv: kv, |
|
|
|
|
} |
|
|
|
|
err = bottin.init() |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Create routes
|
|
|
|
@ -177,7 +200,7 @@ func main() { |
|
|
|
|
go func() { |
|
|
|
|
err := ldapServer.ListenAndServe(config.Bind) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
}() |
|
|
|
|
} |
|
|
|
@ -194,16 +217,16 @@ func main() { |
|
|
|
|
go func() { |
|
|
|
|
err := ldapServerSecure.ListenAndServe(config.BindSecure, secureConn) |
|
|
|
|
if err != nil { |
|
|
|
|
panic(err) |
|
|
|
|
logger.Fatal(err) |
|
|
|
|
} |
|
|
|
|
}() |
|
|
|
|
} else { |
|
|
|
|
log.Printf("Warning: no valid TLS configuration was provided, not binding on %s", config.BindSecure) |
|
|
|
|
logger.Warnf("Warning: no valid TLS configuration was provided, not binding on %s", config.BindSecure) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ldapServer == nil && ldapServerSecure == nil { |
|
|
|
|
panic("Not doing anything.") |
|
|
|
|
logger.Fatal("Not doing anything.") |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// When CTRL+C, SIGINT and SIGTERM signal occurs
|
|
|
|
@ -381,7 +404,7 @@ func (server *Server) handleStartTLS(s ldap.UserState, w ldap.ResponseWriter, m |
|
|
|
|
w.Write(res) |
|
|
|
|
|
|
|
|
|
if err := tlsConn.Handshake(); err != nil { |
|
|
|
|
log.Printf("StartTLS Handshake error %v", err) |
|
|
|
|
server.logger.Printf("StartTLS Handshake error %v", err) |
|
|
|
|
res.SetDiagnosticMessage(fmt.Sprintf("StartTLS Handshake error : \"%s\"", err.Error())) |
|
|
|
|
res.SetResultCode(ldap.LDAPResultOperationsError) |
|
|
|
|
w.Write(res) |
|
|
|
@ -400,7 +423,6 @@ func (server *Server) handleBind(s ldap.UserState, w ldap.ResponseWriter, m *lda |
|
|
|
|
res := ldap.NewBindResponse(result_code) |
|
|
|
|
if err != nil { |
|
|
|
|
res.SetDiagnosticMessage(err.Error()) |
|
|
|
|
server.logger.Printf("Failed bind for %s: %s", string(r.Name()), err.Error()) |
|
|
|
|
} |
|
|
|
|
if result_code == ldap.LDAPResultSuccess { |
|
|
|
|
server.logger.Printf("Successfully bound to %s", string(r.Name())) |
|
|
|
|