package main
import (
"flag"
"log"
"log/syslog"
"math/rand"
"os"
"strings"
"time"
"github.com/pyke369/golang-support/uconfig"
)
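// main wires the dm-mgt-server process together: it parses the command-line
// flags, loads the configuration file, populates the VPN management server
// from it, sets up logging, loads every LDAP profile and finally starts the
// management and HTTP listeners.
//
// Flags:
//
//	-config  path of the configuration file (default /etc/openvpn/dm-mgt-server.conf)
//	-syslog  send log output to the local syslog daemon (tag "vpnauth")
//	-debug   log every message received
//
// Any configuration error is written to the log and terminates the process
// with exit status 1.
func main() {
	configFile := flag.String("config", "/etc/openvpn/dm-mgt-server.conf", "configuration file")
	logToSyslog := flag.Bool("syslog", false, "Log to syslog")
	debug := flag.Bool("debug", false, "log every message received")
	flag.Parse()

	// The configuration file carries credentials (LDAP bind password, mail
	// password, OTP master secrets); it must only be readable by the account
	// running this service.
	config, err := uconfig.New(*configFile)
	if err != nil {
		log.Println(err)
		os.Exit(1)
	}

	// Seed math/rand once at startup. NOTE(review): math/rand is not a
	// cryptographic source; any token or secret generation elsewhere in this
	// program must use crypto/rand — confirm the callers of math/rand.
	rand.Seed(time.Now().UnixNano())

	// Both listen addresses default to loopback. The previous literals
	// misspelled the loopback address as "127.0.0.01"; corrected here.
	server := NewVPNServer(config.GetString("config.openvpnPort", "127.0.0.1:5000"))
	server.vpnlogUrl = config.GetString("config.vpnLogUrl", "")
	server.mailRelay = config.GetString("config.mailRelay", "")
	server.MailFrom = config.GetString("config.mailFrom", "")
	server.CcPwnPassword = config.GetString("config.ccPwnPassword", "")
	server.pwnTemplate = config.GetString("config.pwnTemplate", "")
	server.newAsTemplate = config.GetString("config.newAsTemplate", "")
	server.cacheDir = config.GetString("config.cacheDir", "")
	server.authCa = config.GetString("config.authCa", "")

	// NOTE(review): falling back to a built-in master secret when
	// config.masterSecrets is empty means every unconfigured deployment shares
	// the same OTP secret. The fallback is kept for compatibility but is now
	// logged so the condition is visible; deployments should always set
	// config.masterSecrets.
	server.otpMasterSecrets = parseConfigArray(config, "config.masterSecrets")
	if len(server.otpMasterSecrets) == 0 {
		log.Println("config.masterSecrets is empty, using the built-in default master secret")
		server.otpMasterSecrets = append(server.otpMasterSecrets, "*******************")
	}

	// Logging: with -syslog, drop the timestamp prefix (syslog adds its own)
	// and redirect the standard logger to the local syslog daemon. A syslog
	// connection failure is now reported instead of being silently ignored;
	// the logger then stays on stderr. server.syslog mirrors the flag, as
	// before, even when the daemon could not be reached.
	server.syslog = *logToSyslog
	if *logToSyslog {
		log.SetFlags(0)
		logWriter, e := syslog.New(syslog.LOG_NOTICE, "vpnauth")
		if e != nil {
			log.Println("syslog unavailable, logging to stderr:", e)
		} else {
			log.SetOutput(logWriter)
			defer logWriter.Close()
		}
	}
	server.debug = *debug

	for _, profile := range config.GetPaths("config.profiles") {
		// GetPaths presumably yields "config.profiles.<name>"; the third
		// dotted component is the profile name. The index is guarded so a
		// malformed path cannot panic the process.
		parts := strings.Split(profile, ".")
		if len(parts) < 3 {
			log.Println("unexpected profile path:", profile)
			os.Exit(1)
		}
		profileName := parts[2]

		ldapConf := newLDAPConfig(config, profile)
		if err := ldapConf.addIPRange(config.GetString(profile+".IPRange", "")); err != nil {
			log.Println(err)
			os.Exit(1)
		}
		// An LDAP-backed profile (one with servers) must declare at least two
		// attributes; an empty server list is accepted as-is.
		if len(ldapConf.servers) > 0 && len(ldapConf.attributes) < 2 {
			log.Println("valid ldap configuration must have 2 attributes")
			os.Exit(1)
		}
		server.ldap[profileName] = ldapConf
	}

	// Start the OpenVPN management listener in the background; the HTTP
	// server is started last and presumably blocks for the process lifetime.
	go server.Run()
	NewHTTPServer(
		config.GetString("config.http.port", "127.0.0.1:8080"),
		config.GetString("config.http.key", ""),
		config.GetString("config.http.cert", ""),
		config.GetString("config.http.ca", ""),
		config.GetString("config.http.startAuth", "CORP"),
		config.GetString("config.http.reqAuth", "ADMINS"),
		server)
}

// newLDAPConfig builds the ldapConfig for one profile path (e.g.
// "config.profiles.<name>") from the loaded configuration. Every scalar
// defaults to the empty string and every list to whatever parseConfigArray
// returns for a missing key; the IP range is added separately by the caller.
func newLDAPConfig(config *uconfig.UConfig, profile string) ldapConfig {
	return ldapConfig{
		servers:      parseConfigArray(config, profile+".servers"),
		baseDN:       config.GetString(profile+".baseDN", ""),
		bindCn:       config.GetString(profile+".bindCn", ""),
		bindPw:       config.GetString(profile+".bindPw", ""),
		searchFilter: config.GetString(profile+".searchFilter", ""),
		attributes:   parseConfigArray(config, profile+".attributes"),
		validGroups:  parseConfigArray(config, profile+".validGroups"),
		routes:       parseConfigArray(config, profile+".routes"),
		mfaType:      config.GetString(profile+".mfa", ""),
		// "optionnal" (sic) is presumably the value the certificate-check
		// code compares against, so the spelling is deliberately left as is.
		certAuth:    config.GetString(profile+".cert", "optionnal"),
		upgradeFrom: config.GetString(profile+".upgradeFrom", ""),
	}
}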
|