From 062aebe299c48b55fff0314e176d348039422b3d Mon Sep 17 00:00:00 2001 From: Nathan Coad Date: Wed, 19 Jul 2023 14:52:41 +1000 Subject: [PATCH] add wsdc intermediate cert --- main.go | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index 0d20340..c66bb58 100644 --- a/main.go +++ b/main.go @@ -1,12 +1,70 @@ package main import ( + "crypto/x509" "flag" "fmt" auth "github.com/korylprince/go-ad-auth/v3" ) + +const WSDCCertPem := ` +-----BEGIN CERTIFICATE----- +MIIJZzCCCE+gAwIBAgIKYQTouAAAAAAABzANBgkqhkiG9w0BAQsFADCBpzELMAkG +A1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MSQwIgYDVQQK +ExtXZXN0cGFjIEJhbmtpbmcgQ29ycG9yYXRpb24xLzAtBgNVBAsTJkRpZ2l0YWwg +Q2VydGlmaWNhdGVzIFNlY3VyaXR5IFNlcnZpY2VzMSIwIAYDVQQDExlXZXN0cGFj +IFNIQTIgUm9vdCBDQSBXU0RDMB4XDTE1MTIwNDEyMjE1OFoXDTI1MTIwNDEyMzE1 +OFowgaYxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5l +eTEkMCIGA1UEChMbV2VzdHBhYyBCYW5raW5nIENvcnBvcmF0aW9uMS8wLQYDVQQL +EyZEaWdpdGFsIENlcnRpZmljYXRlcyBTZWN1cml0eSBTZXJ2aWNlczEhMB8GA1UE +AxMYV2VzdHBhYyBTSEEyIFNTTCBDQSBXU0RDMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEApWhYg/T7gQK3ZGZeFO28eNM9qYyNt2g6BJzLn+QM539HO2fo +7bPlp7fVvqD1QXINPQRpuG1CzqrACz3dOPeyRCZVC/oK3eQNRFXoxy4TEZjpjIC8 +/0TdWrrZGAairSQ1Rtv/GFP4TjidnmbgD+XPaDbVFNfo6j9K7jzi5Nc7IRSdtExQ +g+Lbjx4eMC0aUHAvzFvtdjdBOS4oAqF6ndE+AGbLBB+kXCevym5o7cqDe9z7HGfW +MFx9QmKzewxkef6gtEMABHYkGM+9308hKyepddGHbV5B5f+pd33sEnsWgwZGZjCK +XbPge6AiW6Zuhy5vIgMzbTBcVwiH33PhCyWIgwIDAQABo4IFkjCCBY4wEAYJKwYB +BAGCNxUBBAMCAQAwHQYDVR0OBBYEFF1+3xpWzgOE3hFspVuy354o3IBmMIICKgYD +VR0gBIICITCCAh0wgcMGCysGAQQBnBOHaAIDMIGzMGQGCCsGAQUFBwICMFgeVgBX +AGUAcwB0AHAAYQBjACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAUAByAGEAYwB0 +AGkAYwBlACAAUwB0AGEAdABlAG0AZQBuAHQAIABXAFMARABDMEsGCCsGAQUFBwIB +Fj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2VzdHBhYy5jb20uYXUvV2VzdHBhY1Bv +bGljeS9XQkNfQ1BTMi5wZGYwgaIGDCsGAQQBnBOHaAEBATCBkTBCBggrBgEFBQcC +AjA2HjQAVwBlAHMAdABwAGEAYwAgAEkAVAAgAFMAZQBjAHUAcgBpAHQAeQAgAFAA +bwBsAGkAYwB5MEsGCCsGAQUFBwIBFj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2Vz +dHBhYy5jb20uYXUvV2VzdHBhY1BvbGljeS9XQkNfSVRTUC5wZGYwga8GDCsGAQQB +nBOHaAEBBDCBnjBQBggrBgEFBQcCAjBEHkIAVwBlAHMAdABwAGEAYwAgAEMAZQBy +AHQAaQBmAGkAYwBhAHQAZQAgAFAAcgBvAGYAaQBsAGUAcwAgAFcAUwBEAEMwSgYI +KwYBBQUHAgEWPmh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9X +ZXN0cGFjUG9saWN5L1dCQ19DUDIucGRmMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA +QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFJbX +BR/dYnyLVCATnF30doMrvjuAMIIBawYDVR0fBIIBYjCCAV4wggFaoIIBVqCCAVKG +cGh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9DRFAvV2VzdHBh +YyUyMFNIQTIlMjBSb290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9v +dCUyMENBJTIwV1NEQy5jcmyGgd1sZGFwOi8vL0NOPVdlc3RwYWMlMjBTSEEyJTIw +Um9vdCUyMENBJTIwV1NEQyxDTj1BVTIxMDZTUENBMDIwLENOPUNEUCxDTj1QdWJs +aWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9u +LERDPXdiY2F1LERDPVdlc3RwYWMsREM9Y29tLERDPWF1P2NlcnRpZmljYXRlUmV2 +b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2lu +dDCCAWIGCCsGAQUFBwEBBIIBVDCCAVAwfAYIKwYBBQUHMAKGcGh0dHA6Ly93YmNj +YS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9BSUEvV2VzdHBhYyUyMFNIQTIlMjBS +b290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9vdCUyMENBJTIwV1NE +Qy5jcnQwgc8GCCsGAQUFBzAChoHCbGRhcDovLy9DTj1XZXN0cGFjJTIwU0hBMiUy +MFJvb3QlMjBDQSUyMFdTREMsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp +Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9d2JjYXUsREM9V2Vz +dHBhYyxEQz1jb20sREM9YXU/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNz +PWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQELBQADggEBAA97qWdS +we3VgFAYCpolB1E3/k6oXRMlGRw7/DhEV9HC5af0X/aFclbBGqw9keinnrm4bnGD +AftuJumE+d8Gcpqidlj7EwXbjJPVUbIc74OA4OEPI99/tjqGcGb9a2hsPHrnn8Ok +LUccuf4f451lnZk1XDIzIQAkYS/pbZ9o8UV0/EOkUMvJL/wU47QYYqVZFu9qozUa +BM5G+7fCEVZ51/hk8TAWy+fW6Tr1pKLR2kWROXJZ5DuNpQQ7qlebw6Ju5Nz2DrSb +JVwrw4kzVvFqHRL13NTTyZCzVDLRaX3hGK7lRxhtwm4Lmh/eTNA01wSGl2UgY/gW +lS3ZUQcHCLtUbTw= +-----END CERTIFICATE----- +` + func main() { // Process command line arguments server := flag.String("server", "ldap.example.com", "LDAP server to bind to") @@ -15,12 +73,22 @@ func main() { password := flag.String("password", "pass", "Password to use when attempting to bind to AD") flag.Parse() + // Add custom certificate to the system cert pool + system := x509.SystemCertPool() + + ok := system.AppendCertsFromPEM([]byte(WSDCCertPem)) + if !ok { + panic("failed to parse WSDC intermediate certificate") + } + config := &auth.Config{ Server: *server, Port: 636, BaseDN: *baseDN, - Security: auth.SecurityStartTLS, + Security: auth.SecurityTLS, + RootCAs: system, } + fmt.Printf("Connecting to ldap server '%s' with DN '%s' on port 636\n", *server, *baseDN) status, err := auth.Authenticate(config, *username, *password)