201 lines
6.5 KiB
Go
201 lines
6.5 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"encoding/json"
|
|
"encoding/pem"
|
|
"flag"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
auth "github.com/korylprince/go-ad-auth/v3"
|
|
)
|
|
|
|
type Output struct {
|
|
Server string
|
|
AuthSuccess bool
|
|
Error string
|
|
}
|
|
|
|
const WSDCCertPem = `
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIJZzCCCE+gAwIBAgIKYQTouAAAAAAABzANBgkqhkiG9w0BAQsFADCBpzELMAkG
|
|
A1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MSQwIgYDVQQK
|
|
ExtXZXN0cGFjIEJhbmtpbmcgQ29ycG9yYXRpb24xLzAtBgNVBAsTJkRpZ2l0YWwg
|
|
Q2VydGlmaWNhdGVzIFNlY3VyaXR5IFNlcnZpY2VzMSIwIAYDVQQDExlXZXN0cGFj
|
|
IFNIQTIgUm9vdCBDQSBXU0RDMB4XDTE1MTIwNDEyMjE1OFoXDTI1MTIwNDEyMzE1
|
|
OFowgaYxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5l
|
|
eTEkMCIGA1UEChMbV2VzdHBhYyBCYW5raW5nIENvcnBvcmF0aW9uMS8wLQYDVQQL
|
|
EyZEaWdpdGFsIENlcnRpZmljYXRlcyBTZWN1cml0eSBTZXJ2aWNlczEhMB8GA1UE
|
|
AxMYV2VzdHBhYyBTSEEyIFNTTCBDQSBXU0RDMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
|
AQ8AMIIBCgKCAQEApWhYg/T7gQK3ZGZeFO28eNM9qYyNt2g6BJzLn+QM539HO2fo
|
|
7bPlp7fVvqD1QXINPQRpuG1CzqrACz3dOPeyRCZVC/oK3eQNRFXoxy4TEZjpjIC8
|
|
/0TdWrrZGAairSQ1Rtv/GFP4TjidnmbgD+XPaDbVFNfo6j9K7jzi5Nc7IRSdtExQ
|
|
g+Lbjx4eMC0aUHAvzFvtdjdBOS4oAqF6ndE+AGbLBB+kXCevym5o7cqDe9z7HGfW
|
|
MFx9QmKzewxkef6gtEMABHYkGM+9308hKyepddGHbV5B5f+pd33sEnsWgwZGZjCK
|
|
XbPge6AiW6Zuhy5vIgMzbTBcVwiH33PhCyWIgwIDAQABo4IFkjCCBY4wEAYJKwYB
|
|
BAGCNxUBBAMCAQAwHQYDVR0OBBYEFF1+3xpWzgOE3hFspVuy354o3IBmMIICKgYD
|
|
VR0gBIICITCCAh0wgcMGCysGAQQBnBOHaAIDMIGzMGQGCCsGAQUFBwICMFgeVgBX
|
|
AGUAcwB0AHAAYQBjACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAUAByAGEAYwB0
|
|
AGkAYwBlACAAUwB0AGEAdABlAG0AZQBuAHQAIABXAFMARABDMEsGCCsGAQUFBwIB
|
|
Fj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2VzdHBhYy5jb20uYXUvV2VzdHBhY1Bv
|
|
bGljeS9XQkNfQ1BTMi5wZGYwgaIGDCsGAQQBnBOHaAEBATCBkTBCBggrBgEFBQcC
|
|
AjA2HjQAVwBlAHMAdABwAGEAYwAgAEkAVAAgAFMAZQBjAHUAcgBpAHQAeQAgAFAA
|
|
bwBsAGkAYwB5MEsGCCsGAQUFBwIBFj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2Vz
|
|
dHBhYy5jb20uYXUvV2VzdHBhY1BvbGljeS9XQkNfSVRTUC5wZGYwga8GDCsGAQQB
|
|
nBOHaAEBBDCBnjBQBggrBgEFBQcCAjBEHkIAVwBlAHMAdABwAGEAYwAgAEMAZQBy
|
|
AHQAaQBmAGkAYwBhAHQAZQAgAFAAcgBvAGYAaQBsAGUAcwAgAFcAUwBEAEMwSgYI
|
|
KwYBBQUHAgEWPmh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9X
|
|
ZXN0cGFjUG9saWN5L1dCQ19DUDIucGRmMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA
|
|
QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFJbX
|
|
BR/dYnyLVCATnF30doMrvjuAMIIBawYDVR0fBIIBYjCCAV4wggFaoIIBVqCCAVKG
|
|
cGh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9DRFAvV2VzdHBh
|
|
YyUyMFNIQTIlMjBSb290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9v
|
|
dCUyMENBJTIwV1NEQy5jcmyGgd1sZGFwOi8vL0NOPVdlc3RwYWMlMjBTSEEyJTIw
|
|
Um9vdCUyMENBJTIwV1NEQyxDTj1BVTIxMDZTUENBMDIwLENOPUNEUCxDTj1QdWJs
|
|
aWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9u
|
|
LERDPXdiY2F1LERDPVdlc3RwYWMsREM9Y29tLERDPWF1P2NlcnRpZmljYXRlUmV2
|
|
b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2lu
|
|
dDCCAWIGCCsGAQUFBwEBBIIBVDCCAVAwfAYIKwYBBQUHMAKGcGh0dHA6Ly93YmNj
|
|
YS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9BSUEvV2VzdHBhYyUyMFNIQTIlMjBS
|
|
b290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9vdCUyMENBJTIwV1NE
|
|
Qy5jcnQwgc8GCCsGAQUFBzAChoHCbGRhcDovLy9DTj1XZXN0cGFjJTIwU0hBMiUy
|
|
MFJvb3QlMjBDQSUyMFdTREMsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
|
|
Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9d2JjYXUsREM9V2Vz
|
|
dHBhYyxEQz1jb20sREM9YXU/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNz
|
|
PWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQELBQADggEBAA97qWdS
|
|
we3VgFAYCpolB1E3/k6oXRMlGRw7/DhEV9HC5af0X/aFclbBGqw9keinnrm4bnGD
|
|
AftuJumE+d8Gcpqidlj7EwXbjJPVUbIc74OA4OEPI99/tjqGcGb9a2hsPHrnn8Ok
|
|
LUccuf4f451lnZk1XDIzIQAkYS/pbZ9o8UV0/EOkUMvJL/wU47QYYqVZFu9qozUa
|
|
BM5G+7fCEVZ51/hk8TAWy+fW6Tr1pKLR2kWROXJZ5DuNpQQ7qlebw6Ju5Nz2DrSb
|
|
JVwrw4kzVvFqHRL13NTTyZCzVDLRaX3hGK7lRxhtwm4Lmh/eTNA01wSGl2UgY/gW
|
|
lS3ZUQcHCLtUbTw=
|
|
-----END CERTIFICATE-----
|
|
`
|
|
|
|
func GetFilePath(path string) string {
|
|
// Check for empty filename
|
|
if len(path) == 0 {
|
|
return ""
|
|
}
|
|
|
|
// check if filename exists
|
|
if _, err := os.Stat(path); os.IsNotExist((err)) {
|
|
fmt.Printf("File '%s' not found, searching in same directory as binary\n", path)
|
|
// if not, check that it exists in the same directory as the currently executing binary
|
|
ex, err2 := os.Executable()
|
|
if err2 != nil {
|
|
//log.Printf("Error determining binary path : '%s'", err)
|
|
return ""
|
|
}
|
|
binaryPath := filepath.Dir(ex)
|
|
path = filepath.Join(binaryPath, path)
|
|
}
|
|
return path
|
|
}
|
|
|
|
func isFlagPassed(name string) bool {
|
|
found := false
|
|
flag.Visit(func(f *flag.Flag) {
|
|
if f.Name == name {
|
|
found = true
|
|
}
|
|
})
|
|
return found
|
|
}
|
|
|
|
func main() {
|
|
var output Output
|
|
|
|
// Process command line arguments
|
|
server := flag.String("server", "ldap.example.com", "LDAP server to bind to")
|
|
baseDN := flag.String("baseDN", "OU=Users,DC=example,DC=com", "Base DN to use when attempting to bind to AD")
|
|
username := flag.String("username", "user", "Username to use when attempting to bind to AD")
|
|
password := flag.String("password", "pass", "Password to use when attempting to bind to AD")
|
|
certFile := flag.String("cert-file", "rootca.pem", "Filename to load trusted certificate from")
|
|
flag.Parse()
|
|
|
|
output.Server = *server
|
|
|
|
// Get a copy of the system defined CA's
|
|
system, err := x509.SystemCertPool()
|
|
if err != nil {
|
|
output.AuthSuccess = false
|
|
output.Error = "failed to access system CA list"
|
|
b, _ := json.Marshal(output)
|
|
fmt.Println(string(b))
|
|
return
|
|
}
|
|
|
|
// only try to load certificate from file if the command line argument was specified
|
|
if isFlagPassed("cert-file") {
|
|
// Try to read the file
|
|
cf, err := ioutil.ReadFile(GetFilePath(*certFile))
|
|
if err != nil {
|
|
output.AuthSuccess = false
|
|
output.Error = err.Error()
|
|
b, _ := json.Marshal(output)
|
|
fmt.Println(string(b))
|
|
return
|
|
}
|
|
|
|
// Get the certificate from the file
|
|
cpb, _ := pem.Decode(cf)
|
|
crt, err := x509.ParseCertificate(cpb.Bytes)
|
|
|
|
if err != nil {
|
|
output.AuthSuccess = false
|
|
output.Error = err.Error()
|
|
b, _ := json.Marshal(output)
|
|
fmt.Println(string(b))
|
|
return
|
|
}
|
|
|
|
// Add custom certificate to the system cert pool
|
|
system.AddCert(crt)
|
|
/*
|
|
ok := system.AppendCertsFromPEM(crt)
|
|
if !ok {
|
|
output.AuthSuccess = false
|
|
output.Error = "failed to parse WSDC intermediate certificate"
|
|
b, _ := json.Marshal(output)
|
|
fmt.Println(string(b))
|
|
return
|
|
}
|
|
*/
|
|
}
|
|
|
|
config := &auth.Config{
|
|
Server: *server,
|
|
Port: 636,
|
|
BaseDN: *baseDN,
|
|
Security: auth.SecurityTLS,
|
|
RootCAs: system,
|
|
}
|
|
//fmt.Printf("Connecting to ldap server '%s' with DN '%s' on port 636\n", *server, *baseDN)
|
|
|
|
status, err := auth.Authenticate(config, *username, *password)
|
|
|
|
if err != nil {
|
|
//handle err
|
|
//fmt.Println("Error : %s", err)
|
|
output.Error = err.Error()
|
|
}
|
|
|
|
output.AuthSuccess = status
|
|
|
|
/*
|
|
if !status {
|
|
//handle failed authentication
|
|
fmt.Println("Authentication failed")
|
|
} else {
|
|
fmt.Println("success")
|
|
}
|
|
*/
|
|
|
|
b, _ := json.Marshal(output)
|
|
fmt.Println(string(b))
|
|
}
|