glapi/main.go

377 lines
9.3 KiB
Go
Raw Permalink Normal View History

2022-10-08 18:52:11 +02:00
// Go Ldap Api
// Copyright (c) 2022 yo000 <johan@nosd.in>
//
package main
import (
"os"
"fmt"
"flag"
"time"
"strings"
"net/http"
2022-10-08 18:52:11 +02:00
"encoding/json"
"github.com/spf13/viper"
"github.com/gin-gonic/gin"
"github.com/go-ldap/ldap/v3"
log "github.com/sirupsen/logrus"
)
var (
gVersion = "0.5.1"
2022-10-08 18:52:11 +02:00
)
func marshalResultToText(res *ldap.SearchResult, delimiter string, showValueName, showDN bool) string {
var txtRes string
for _, e := range res.Entries {
if showDN {
if showValueName {
txtRes = fmt.Sprintf("%s%s\n", txtRes, e.DN)
} else {
txtRes = fmt.Sprintf("%sdn%s%s\n", txtRes, delimiter, e.DN)
}
}
for _, a := range e.Attributes {
for _, v := range a.Values {
if showValueName {
txtRes = fmt.Sprintf("%s%s\n", txtRes, v)
} else {
txtRes = fmt.Sprintf("%s%s%s%s\n", txtRes, a.Name, delimiter, v)
}
}
}
// No DN = No linefeed between entries
if showDN {
txtRes = fmt.Sprintf("%s\n", txtRes)
}
}
return txtRes
}
func sendResponse(c *gin.Context, res *ldap.SearchResult, format string) {
// 404 Not found
if len(res.Entries) == 0 {
if strings.EqualFold(format, "json") {
c.JSON(http.StatusNotFound, gin.H{"error": "No result"})
2022-10-08 18:52:11 +02:00
} else {
c.String(http.StatusNotFound, "No result")
2022-10-08 18:52:11 +02:00
}
return
}
log.Debugf("Got %d results", len(res.Entries))
if strings.EqualFold(format, "json") {
jsonRes, err := json.Marshal(res.Entries)
if err != nil {
log.Errorf("Error marshalling result to json: %v", err)
}
log.Debugf("%v\n", string(jsonRes))
c.String(http.StatusOK, string(jsonRes))
2022-10-08 18:52:11 +02:00
} else if strings.EqualFold(format, "text") {
txtRes := marshalResultToText(res, "=", false, true)
log.Debugf("%v\n", string(txtRes))
c.String(http.StatusOK, string(txtRes))
2022-10-08 18:52:11 +02:00
} else if strings.EqualFold(format, "ldif") {
txtRes := marshalResultToText(res, ": ", false, true)
log.Debugf("%v\n", string(txtRes))
c.String(http.StatusOK, string(txtRes))
2022-10-08 18:52:11 +02:00
} else if strings.EqualFold(format, "textvalue") {
txtRes := marshalResultToText(res, "", true, true)
log.Debugf("%v\n", string(txtRes))
c.String(http.StatusOK, string(txtRes))
2022-10-08 18:52:11 +02:00
} else if strings.EqualFold(format, "textvalue-nodn") {
txtRes := marshalResultToText(res, "", true, false)
log.Debugf("%v\n", string(txtRes))
c.String(http.StatusOK, string(txtRes))
2022-10-08 18:52:11 +02:00
}
}
func checkIfModifiedSince(c *gin.Context, myldap *MyLdap, baseDn, cn, class, attributes string) (bool, error) {
// FIXME: We need to cache the last result, because if an item is deleted from LDAP we won't see it and
// we will return 304. So deletions will never make their way to Rspamd
// For now, lets always return "Modified"
return true, nil
if len(c.Request.Header["If-Modified-Since"]) > 0 {
t := strings.Replace(c.Request.Header["If-Modified-Since"][0], "GMT", "+0000", 1)
ifModifiedSince, _ := time.Parse(time.RFC1123Z, t)
log.Debugf("ifModifiedSince: %s", ifModifiedSince)
res, err := doLdapSearch(myldap, baseDn, cn, class, "modifyTimestamp")
if err != nil {
log.Errorf("Error searching modifyTimestamp for %s in %s : %v", cn, baseDn, err)
return true, err
}
// modifyTimestamp format
mtFmt := "20060102150405Z"
// Compare each object timestamp
hasNewer := false
for _, e := range res.Entries {
for _, a := range e.Attributes {
if strings.EqualFold(a.Name, "modifyTimestamp") {
mt, _ := time.Parse(mtFmt, a.Values[0])
log.Debugf("%s modifyTimestamp: %s", e.DN, mt)
if mt.Unix() > ifModifiedSince.Unix() {
log.Debugf("%s is newer than %s: %s", e.DN, ifModifiedSince, mt)
hasNewer = true
break
}
}
}
if hasNewer {
break
}
}
if false == hasNewer {
return false, nil
}
}
return true, nil
}
// Basic Authentication handler
// TODO: Where to store accounts?
func basicAuth(c *gin.Context) {
user, password, hasAuth := c.Request.BasicAuth()
if hasAuth && user == "admin" && password == "admin" {
log.Infof("[%s]: User %s successfully authenticated", c.Request.RemoteAddr, user)
} else {
c.AbortWithStatus(http.StatusUnauthorized)
2022-10-08 18:52:11 +02:00
c.Writer.Header().Set("WWW-Authenticate", "Basic realm=Restricted")
return
}
}
func initRouter(r *gin.Engine, myldap *MyLdap) {
r.GET("/ping", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{
2022-10-08 18:52:11 +02:00
"message": "pong",
})
})
// All following routes need authentication
r.GET("/:ou/:cn/:class", basicAuth, func(c *gin.Context) {
ou := c.Param("ou")
cn := c.Param("cn")
class := c.Param("class")
// json format is the default
format := c.DefaultQuery("format", "json")
log.Printf("Format : %s", format)
res, err := doLdapSearch(myldap, ou, cn, class, "ALL")
// If OU does not exist, we'll get err='LDAP Result Code 32 "No Such Object"'
if err != nil {
log.Errorf("Error searching %s in %s : %v", cn, ou, err)
c.AbortWithError(http.StatusInternalServerError, err)
2022-10-08 18:52:11 +02:00
return
}
sendResponse(c, res, format)
return
})
r.HEAD("/:ou/:cn/:class", basicAuth, func(c *gin.Context) {
ou := c.Param("ou")
cn := c.Param("cn")
class := c.Param("class")
format := c.DefaultQuery("format", "json")
log.Printf("Format : %s", format)
modified, err := checkIfModifiedSince(c, myldap, ou, cn, class, "ALL")
if err != nil {
c.AbortWithError(http.StatusInternalServerError, err)
2022-10-08 18:52:11 +02:00
return
}
if modified {
res, err := doLdapSearch(myldap, ou, cn, class, "ALL")
if err != nil {
log.Errorf("Error searching %s in %s : %v", cn, ou, err)
c.AbortWithError(http.StatusInternalServerError, err)
2022-10-08 18:52:11 +02:00
return
}
sendResponse(c, res, format)
} else {
c.String(http.StatusNotModified, "")
2022-10-08 18:52:11 +02:00
}
return
})
r.GET("/:ou/:cn/:class/:attribute", basicAuth, func(c *gin.Context) {
ou := c.Param("ou")
cn := c.Param("cn")
attr := c.Param("attribute")
class := c.Param("class")
format := c.DefaultQuery("format", "json")
log.Printf("Format : %s", format)
res, err := doLdapSearch(myldap, ou, cn, class, attr)
if err != nil {
log.Errorf("Error searching %s in %s : %v", cn, ou, err)
c.AbortWithError(http.StatusInternalServerError, err)
2022-10-08 18:52:11 +02:00
return
}
sendResponse(c, res, format)
return
})
r.HEAD("/:ou/:cn/:class/:attribute", basicAuth, func(c *gin.Context) {
ou := c.Param("ou")
cn := c.Param("cn")
attr := c.Param("attribute")
class := c.Param("class")
format := c.DefaultQuery("format", "json")
log.Printf("Format : %s", format)
modified, err := checkIfModifiedSince(c, myldap, ou, cn, class, attr)
if err != nil {
c.AbortWithError(http.StatusInternalServerError, err)
2022-10-08 18:52:11 +02:00
return
}
if modified {
res, err := doLdapSearch(myldap, ou, cn, class, attr)
if err != nil {
log.Errorf("Error searching %s in %s : %v", cn, ou, err)
c.AbortWithError(http.StatusInternalServerError, err)
2022-10-08 18:52:11 +02:00
return
}
sendResponse(c, res, format)
} else {
c.String(http.StatusNotModified, "")
2022-10-08 18:52:11 +02:00
}
return
})
}
func main() {
var confFile string
var listen string
var ldapHost string
var ldapUser string
var ldapPass string
var ldapBaseDN string
2022-10-09 09:16:23 +02:00
var tlsPrivKey string
var tlsCert string
var doTls bool
2022-10-08 18:52:11 +02:00
var debug bool
flag.StringVar(&confFile, "config", "", "Path to the config file (optional)")
flag.StringVar(&listen, "listen-addr", "0.0.0.0:8080", "listen address for server")
flag.StringVar(&ldapHost, "ldap-host", "", "ldap host to connect to")
flag.StringVar(&ldapUser, "ldap-user", "", "ldap username")
flag.StringVar(&ldapPass, "ldap-pass", "", "ldap password")
flag.StringVar(&ldapBaseDN, "ldap-base-dn", "", "ldap base DN")
2022-10-09 09:16:23 +02:00
flag.BoolVar(&doTls, "https", false, "Serve over TLS")
flag.StringVar(&tlsPrivKey, "ssl-private-key", "", "SSL Private key")
flag.StringVar(&tlsCert, "ssl-certificate", "", "SSL certificate (PEM format)")
2022-10-08 18:52:11 +02:00
flag.BoolVar(&debug, "debug", false, "Set log level to debug")
flag.Parse()
if len(confFile) > 0 {
viper.SetConfigFile(confFile)
if err := viper.ReadInConfig(); err != nil {
log.Fatalf("Could not open config file: %v", err)
os.Exit(1)
}
}
if strings.EqualFold(listen, "0.0.0.0:8080") && len(confFile) > 0 {
l := viper.GetString("LISTEN")
if len(l) > 0 {
listen = l
}
}
if len(ldapHost) == 0 {
l := viper.GetString("LDAP_HOST")
if len(l) > 0 {
ldapHost = l
} else {
log.Fatal("No ldap-host defined!")
}
}
if len(ldapUser) == 0 {
l := viper.GetString("LDAP_USER")
if len(l) > 0 {
ldapUser = l
} else {
log.Fatal("No ldap-user defined!")
}
}
if len(ldapPass) == 0 {
l := viper.GetString("LDAP_PASS")
if len(l) > 0 {
ldapPass = l
} else {
log.Fatal("No ldap-pass defined!")
}
}
if len(ldapBaseDN) == 0 {
l := viper.GetString("LDAP_BASE_DN")
if len(l) > 0 {
ldapBaseDN = l
} else {
log.Fatal("No ldap-base-dn defined!")
}
}
2022-10-09 09:16:23 +02:00
if false == doTls {
doTls = viper.GetBool("HTTPS")
2022-10-09 09:16:23 +02:00
}
if doTls && len(tlsCert) == 0 {
l := viper.GetString("SSL_CERTIFICATE")
if len(l) > 0 {
tlsCert = l
} else {
log.Fatal("SSL certificate must be set to use https!")
}
}
if doTls && len(tlsPrivKey) == 0 {
l := viper.GetString("SSL_PRIVATE_KEY")
if len(l) > 0 {
tlsPrivKey = l
} else {
log.Fatal("SSL private key must be set to use https!")
}
}
2022-10-08 18:52:11 +02:00
log.Println("Starting Go Ldap API v.", gVersion)
if debug {
log.SetLevel(log.DebugLevel)
}
r := gin.Default()
ldap := MyLdap{Host: ldapHost, User: ldapUser, Pass: ldapPass, BaseDN: ldapBaseDN}
initRouter(r, &ldap)
2022-10-09 09:16:23 +02:00
if doTls {
r.RunTLS(listen, tlsCert, tlsPrivKey)
} else {
r.Run(listen)
}
2022-10-08 18:52:11 +02:00
}