openvpn-mgt/main.go

package main

import (
	"flag"
	"log"
	"log/syslog"
	"math/rand"
	"os"
	"strings"
	"time"

	"github.com/pyke369/golang-support/uconfig"
)

func main() {
	var err error
	var config *uconfig.UConfig
	// default configuration file is /etc/openvpn/dm-mgt-server.conf
	configFile := flag.String("config", "/etc/openvpn/dm-mgt-server.conf", "configuration file")
	logToSyslog := flag.Bool("syslog", false, "Log to syslog")
	debug := flag.Bool("debug", false, "log every message received")
	flag.Parse()

	// parseconfig
	if config, err = uconfig.New(*configFile); err != nil {
		log.Println(err)
		os.Exit(1)
	}

	// seed the prng
	rand.Seed(time.Now().UnixNano())

	server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000"))
	server.vpnlogUrl = config.GetString("config.vpnLogUrl", "")
	server.mailRelay = config.GetString("config.mailRelay", "")
	server.MailFrom = config.GetString("config.mailFrom", "")
	server.CcPwnPassword = config.GetString("config.ccPwnPassword", "")
	server.pwnTemplate = config.GetString("config.pwnTemplate", "")
	server.newAsTemplate = config.GetString("config.newAsTemplate", "")
	server.cacheDir = config.GetString("config.cacheDir", "")
	server.authCa = config.GetString("config.authCa", "")
	server.otpMasterSecrets = parseConfigArray(config, "config.masterSecrets")
	server.ipRouteScript = config.GetString("config.ipRouteScript", "/bin/ip")

	if len(server.otpMasterSecrets) == 0 {
		server.otpMasterSecrets = append(server.otpMasterSecrets, "*******************")
	}

	server.syslog = false
	if *logToSyslog {
		log.SetFlags(0)
		server.syslog = true
		logWriter, e := syslog.New(syslog.LOG_NOTICE, "vpnauth")
		if e == nil {
			log.SetOutput(logWriter)
			defer logWriter.Close()
		}
	}

	server.debug = false
	if *debug {
		server.debug = true
	}

	for _, profile := range config.GetPaths("config.profiles") {
		profileName := strings.Split(profile, ".")[2]
		ldapConf := ldapConfig{
			servers:            parseConfigArray(config, profile+".servers"),
			baseDN:             config.GetString(profile+".baseDN", ""),
			bindCn:             config.GetString(profile+".bindCn", ""),
			bindPw:             config.GetString(profile+".bindPw", ""),
			searchFilter:       config.GetString(profile+".searchFilter", ""),
			primaryAttribute:   config.GetString(profile+".primaryAttribute", ""),
			secondaryAttribute: config.GetString(profile+".secondaryAttribute", ""),
			validGroups:        parseConfigArray(config, profile+".validGroups"),
			routes:             parseConfigArray(config, profile+".routes"),
			mfaType:            config.GetString(profile+".mfa", ""),
			certAuth:           config.GetString(profile+".cert", "optionnal"),
			upgradeFrom:        config.GetString(profile+".upgradeFrom", ""),
		}
		ldapConf.addIPRange(config.GetString(profile+".IPRange", ""))

		server.ldap[profileName] = ldapConf
	}

	// time to start the listeners
	go server.Run()
	NewHTTPServer(
		config.GetString("config.httpPort", "127.0.0.01:8080"),
		config.GetString("config.httpKey", ""),
		config.GetString("config.httpCert", ""),
		config.GetString("config.httpCa", ""),
		server)
}
Initial tests 2019-07-08 14:36:56 +00:00			`package main`

read configuration file 2019-07-08 20:32:12 +00:00			`import (`
			`"flag"`
			`"log"`
			`"log/syslog"`
finish OTP code 2019-07-10 16:40:15 +00:00			`"math/rand"`
read configuration file 2019-07-08 20:32:12 +00:00			`"os"`
basic ldap auth algorithm 2019-07-08 23:44:18 +00:00			`"strings"`
finish OTP code 2019-07-10 16:40:15 +00:00			`"time"`
read configuration file 2019-07-08 20:32:12 +00:00
			`"github.com/pyke369/golang-support/uconfig"`
			`)`

Initial tests 2019-07-08 14:36:56 +00:00			`func main() {`
read configuration file 2019-07-08 20:32:12 +00:00			`var err error`
basic ldap auth algorithm 2019-07-08 23:44:18 +00:00			`var config *uconfig.UConfig`
manage auth-retry 2019-07-11 06:14:38 +00:00			`// default configuration file is /etc/openvpn/dm-mgt-server.conf`
			`configFile := flag.String("config", "/etc/openvpn/dm-mgt-server.conf", "configuration file")`
read configuration file 2019-07-08 20:32:12 +00:00			`logToSyslog := flag.Bool("syslog", false, "Log to syslog")`
manage auth-retry 2019-07-11 06:14:38 +00:00			`debug := flag.Bool("debug", false, "log every message received")`
read configuration file 2019-07-08 20:32:12 +00:00			`flag.Parse()`

			`// parseconfig`
			`if config, err = uconfig.New(*configFile); err != nil {`
			`log.Println(err)`
			`os.Exit(1)`
			`}`

finish OTP code 2019-07-10 16:40:15 +00:00			`// seed the prng`
			`rand.Seed(time.Now().UnixNano())`

read configuration file 2019-07-08 20:32:12 +00:00			`server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.01:5000"))`
			`server.vpnlogUrl = config.GetString("config.vpnLogUrl", "")`
			`server.mailRelay = config.GetString("config.mailRelay", "")`
			`server.MailFrom = config.GetString("config.mailFrom", "")`
			`server.CcPwnPassword = config.GetString("config.ccPwnPassword", "")`
			`server.pwnTemplate = config.GetString("config.pwnTemplate", "")`
			`server.newAsTemplate = config.GetString("config.newAsTemplate", "")`
			`server.cacheDir = config.GetString("config.cacheDir", "")`
			`server.authCa = config.GetString("config.authCa", "")`
OTP routines 2019-07-09 10:34:45 +00:00			`server.otpMasterSecrets = parseConfigArray(config, "config.masterSecrets")`
manage auth-retry 2019-07-11 06:14:38 +00:00			`server.ipRouteScript = config.GetString("config.ipRouteScript", "/bin/ip")`

OTP routines 2019-07-09 10:34:45 +00:00			`if len(server.otpMasterSecrets) == 0 {`
			`server.otpMasterSecrets = append(server.otpMasterSecrets, "*******************")`
			`}`
read configuration file 2019-07-08 20:32:12 +00:00
			`server.syslog = false`
			`if *logToSyslog {`
			`log.SetFlags(0)`
			`server.syslog = true`
Add logging, including the json one get infos from I've been pwned and the API on install.dm.gg/vpn-log.php and send mail if there is anything strange 2019-07-10 15:47:43 +00:00			`logWriter, e := syslog.New(syslog.LOG_NOTICE, "vpnauth")`
read configuration file 2019-07-08 20:32:12 +00:00			`if e == nil {`
			`log.SetOutput(logWriter)`
			`defer logWriter.Close()`
			`}`
			`}`

manage auth-retry 2019-07-11 06:14:38 +00:00			`server.debug = false`
			`if *debug {`
			`server.debug = true`
			`}`

basic ldap auth algorithm 2019-07-08 23:44:18 +00:00			`for _, profile := range config.GetPaths("config.profiles") {`
			`profileName := strings.Split(profile, ".")[2]`
			`ldapConf := ldapConfig{`
			`servers: parseConfigArray(config, profile+".servers"),`
			`baseDN: config.GetString(profile+".baseDN", ""),`
			`bindCn: config.GetString(profile+".bindCn", ""),`
			`bindPw: config.GetString(profile+".bindPw", ""),`
			`searchFilter: config.GetString(profile+".searchFilter", ""),`
			`primaryAttribute: config.GetString(profile+".primaryAttribute", ""),`
			`secondaryAttribute: config.GetString(profile+".secondaryAttribute", ""),`
			`validGroups: parseConfigArray(config, profile+".validGroups"),`
working prototype can push OTP request can push routes 2019-07-09 21:37:37 +00:00			`routes: parseConfigArray(config, profile+".routes"),`
			`mfaType: config.GetString(profile+".mfa", ""),`
basic ldap auth algorithm 2019-07-08 23:44:18 +00:00			`certAuth: config.GetString(profile+".cert", "optionnal"),`
			`upgradeFrom: config.GetString(profile+".upgradeFrom", ""),`
			`}`
			`ldapConf.addIPRange(config.GetString(profile+".IPRange", ""))`

			`server.ldap[profileName] = ldapConf`
			`}`

			`// time to start the listeners`
Initial tests 2019-07-08 14:36:56 +00:00			`go server.Run()`
read configuration file 2019-07-08 20:32:12 +00:00			`NewHTTPServer(`
			`config.GetString("config.httpPort", "127.0.0.01:8080"),`
			`config.GetString("config.httpKey", ""),`
			`config.GetString("config.httpCert", ""),`
			`config.GetString("config.httpCa", ""),`
			`server)`
Initial tests 2019-07-08 14:36:56 +00:00			`}`