nathan/go-authcheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
5f6f1160680a1d6ef14eb74deacd23889eb43cb7
go-authcheck/main.go
Nathan Coad 5f6f116068
All checks were successful
continuous-integration/drone/push Build is passing
Details
output result as json
2023-07-19 15:08:19 +10:00

129 lines
4.9 KiB
Go
Raw Blame History

package main
import (
"crypto/x509"
"encoding/json"
"flag"
"fmt"
auth "github.com/korylprince/go-ad-auth/v3"
)
type Output struct {
Server string
AuthSuccess bool
Error string
}
const WSDCCertPem = `
-----BEGIN CERTIFICATE-----
MIIJZzCCCE+gAwIBAgIKYQTouAAAAAAABzANBgkqhkiG9w0BAQsFADCBpzELMAkG
A1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MSQwIgYDVQQK
ExtXZXN0cGFjIEJhbmtpbmcgQ29ycG9yYXRpb24xLzAtBgNVBAsTJkRpZ2l0YWwg
Q2VydGlmaWNhdGVzIFNlY3VyaXR5IFNlcnZpY2VzMSIwIAYDVQQDExlXZXN0cGFj
IFNIQTIgUm9vdCBDQSBXU0RDMB4XDTE1MTIwNDEyMjE1OFoXDTI1MTIwNDEyMzE1
OFowgaYxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5l
eTEkMCIGA1UEChMbV2VzdHBhYyBCYW5raW5nIENvcnBvcmF0aW9uMS8wLQYDVQQL
EyZEaWdpdGFsIENlcnRpZmljYXRlcyBTZWN1cml0eSBTZXJ2aWNlczEhMB8GA1UE
AxMYV2VzdHBhYyBTSEEyIFNTTCBDQSBXU0RDMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApWhYg/T7gQK3ZGZeFO28eNM9qYyNt2g6BJzLn+QM539HO2fo
7bPlp7fVvqD1QXINPQRpuG1CzqrACz3dOPeyRCZVC/oK3eQNRFXoxy4TEZjpjIC8
/0TdWrrZGAairSQ1Rtv/GFP4TjidnmbgD+XPaDbVFNfo6j9K7jzi5Nc7IRSdtExQ
g+Lbjx4eMC0aUHAvzFvtdjdBOS4oAqF6ndE+AGbLBB+kXCevym5o7cqDe9z7HGfW
MFx9QmKzewxkef6gtEMABHYkGM+9308hKyepddGHbV5B5f+pd33sEnsWgwZGZjCK
XbPge6AiW6Zuhy5vIgMzbTBcVwiH33PhCyWIgwIDAQABo4IFkjCCBY4wEAYJKwYB
BAGCNxUBBAMCAQAwHQYDVR0OBBYEFF1+3xpWzgOE3hFspVuy354o3IBmMIICKgYD
VR0gBIICITCCAh0wgcMGCysGAQQBnBOHaAIDMIGzMGQGCCsGAQUFBwICMFgeVgBX
AGUAcwB0AHAAYQBjACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAUAByAGEAYwB0
AGkAYwBlACAAUwB0AGEAdABlAG0AZQBuAHQAIABXAFMARABDMEsGCCsGAQUFBwIB
Fj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2VzdHBhYy5jb20uYXUvV2VzdHBhY1Bv
bGljeS9XQkNfQ1BTMi5wZGYwgaIGDCsGAQQBnBOHaAEBATCBkTBCBggrBgEFBQcC
AjA2HjQAVwBlAHMAdABwAGEAYwAgAEkAVAAgAFMAZQBjAHUAcgBpAHQAeQAgAFAA
bwBsAGkAYwB5MEsGCCsGAQUFBwIBFj9odHRwOi8vd2JjY2EucGtpMi5zcnYud2Vz
dHBhYy5jb20uYXUvV2VzdHBhY1BvbGljeS9XQkNfSVRTUC5wZGYwga8GDCsGAQQB
nBOHaAEBBDCBnjBQBggrBgEFBQcCAjBEHkIAVwBlAHMAdABwAGEAYwAgAEMAZQBy
AHQAaQBmAGkAYwBhAHQAZQAgAFAAcgBvAGYAaQBsAGUAcwAgAFcAUwBEAEMwSgYI
KwYBBQUHAgEWPmh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9X
ZXN0cGFjUG9saWN5L1dCQ19DUDIucGRmMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA
QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFJbX
BR/dYnyLVCATnF30doMrvjuAMIIBawYDVR0fBIIBYjCCAV4wggFaoIIBVqCCAVKG
cGh0dHA6Ly93YmNjYS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9DRFAvV2VzdHBh
YyUyMFNIQTIlMjBSb290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9v
dCUyMENBJTIwV1NEQy5jcmyGgd1sZGFwOi8vL0NOPVdlc3RwYWMlMjBTSEEyJTIw
Um9vdCUyMENBJTIwV1NEQyxDTj1BVTIxMDZTUENBMDIwLENOPUNEUCxDTj1QdWJs
aWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9u
LERDPXdiY2F1LERDPVdlc3RwYWMsREM9Y29tLERDPWF1P2NlcnRpZmljYXRlUmV2
b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2lu
dDCCAWIGCCsGAQUFBwEBBIIBVDCCAVAwfAYIKwYBBQUHMAKGcGh0dHA6Ly93YmNj
YS5wa2kyLnNydi53ZXN0cGFjLmNvbS5hdS9BSUEvV2VzdHBhYyUyMFNIQTIlMjBS
b290JTIwQ0ElMjBXU0RDL1dlc3RwYWMlMjBTSEEyJTIwUm9vdCUyMENBJTIwV1NE
Qy5jcnQwgc8GCCsGAQUFBzAChoHCbGRhcDovLy9DTj1XZXN0cGFjJTIwU0hBMiUy
MFJvb3QlMjBDQSUyMFdTREMsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZp
Y2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9d2JjYXUsREM9V2Vz
dHBhYyxEQz1jb20sREM9YXU/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNz
PWNlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQELBQADggEBAA97qWdS
we3VgFAYCpolB1E3/k6oXRMlGRw7/DhEV9HC5af0X/aFclbBGqw9keinnrm4bnGD
AftuJumE+d8Gcpqidlj7EwXbjJPVUbIc74OA4OEPI99/tjqGcGb9a2hsPHrnn8Ok
LUccuf4f451lnZk1XDIzIQAkYS/pbZ9o8UV0/EOkUMvJL/wU47QYYqVZFu9qozUa
BM5G+7fCEVZ51/hk8TAWy+fW6Tr1pKLR2kWROXJZ5DuNpQQ7qlebw6Ju5Nz2DrSb
JVwrw4kzVvFqHRL13NTTyZCzVDLRaX3hGK7lRxhtwm4Lmh/eTNA01wSGl2UgY/gW
lS3ZUQcHCLtUbTw=
-----END CERTIFICATE-----
`
func main() {
var output Output
// Process command line arguments
server := flag.String("server", "ldap.example.com", "LDAP server to bind to")
baseDN := flag.String("baseDN", "OU=Users,DC=example,DC=com", "Base DN to use when attempting to bind to AD")
username := flag.String("username", "user", "Username to use when attempting to bind to AD")
password := flag.String("password", "pass", "Password to use when attempting to bind to AD")
flag.Parse()
output.Server = *server
// Get a copy of the system defined CA's
system, err := x509.SystemCertPool()
if err != nil {
panic("failed to access system CA list")
}
// Add custom certificate to the system cert pool
ok := system.AppendCertsFromPEM([]byte(WSDCCertPem))
if !ok {
panic("failed to parse WSDC intermediate certificate")
}
config := &auth.Config{
Server: *server,
Port: 636,
BaseDN: *baseDN,
Security: auth.SecurityTLS,
RootCAs: system,
}
fmt.Printf("Connecting to ldap server '%s' with DN '%s' on port 636\n", *server, *baseDN)
status, err := auth.Authenticate(config, *username, *password)
if err != nil {
//handle err
//fmt.Println("Error : %s", err)
output.Error = err.Error()
}
output.AuthSuccess = status
/*
if !status {
//handle failed authentication
fmt.Println("Authentication failed")
} else {
fmt.Println("success")
}
*/
b, _ := json.Marshal(output)
fmt.Println(string(b))
}
Reference in New Issue View Git Blame Copy Permalink