yo/mynettcptable
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

go fmt

Browse Source
This commit is contained in:
yo 2022-05-13 10:42:47 +02:00
parent 3267a19888
commit b9807f0ba7
1 changed files with 45 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
mynettcptable.go
View File

@ -7,22 +7,22 @@
package main package main
import ( import (
"os"
"fmt" "fmt"
"net" "net"
// "log" "os"
// "log"
"errors"
"flag" "flag"
"log/syslog"
"strings"
"sync" "sync"
"time" "time"
"errors"
"strings"
"log/syslog"
"github.com/tabalt/pidfile"
"github.com/go-ldap/ldap/v3" "github.com/go-ldap/ldap/v3"
"github.com/peterbourgon/ff" "github.com/peterbourgon/ff"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
lSyslog "github.com/sirupsen/logrus/hooks/syslog" lSyslog "github.com/sirupsen/logrus/hooks/syslog"
"github.com/tabalt/pidfile"
) )
const ( const (
@ -30,26 +30,26 @@ const (
) )
var ( var (
logstream *logrus.Logger logstream *logrus.Logger
conLdap *ldap.Conn conLdap *ldap.Conn
mutex sync.Mutex mutex sync.Mutex
logTo *string logTo *string
logLevel *string logLevel *string
listen *string listen *string
ldapURL *string ldapURL *string
ldapBaseDN *string ldapBaseDN *string
ldapUser *string ldapUser *string
ldapPass *string ldapPass *string
refreshInterval *int refreshInterval *int
pidFilePath *string pidFilePath *string
timeout *int timeout *int
netCache []NoAuthNet netCache []NoAuthNet
) )
type NoAuthNet struct { type NoAuthNet struct {
Net *net.IPNet Net *net.IPNet
Present bool Present bool
} }
// Test if a net is present in cache, and set "Present" flag to true // Test if a net is present in cache, and set "Present" flag to true
@ -95,7 +95,6 @@ func unsetNetCachePresentFlag() {
} }
} }
func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error { func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
attribute := "ipNetworkNumber" attribute := "ipNetworkNumber"
@ -117,17 +116,13 @@ func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
logstream.Info(fmt.Sprintf("Error searching into LDAP: Attribute %s not found for entry %s\n", attribute, r)) logstream.Info(fmt.Sprintf("Error searching into LDAP: Attribute %s not found for entry %s\n", attribute, r))
continue continue
} else { } else {
// Explode the network to individual IPs
// 1: Verify format : Either CIDR, or netmask is in ipNetworkMask (do we want to support this?)
// 2: n := iplib.NewNet4(net.ParseIP("192.168.0.0"), 16)
// n.Enumerate(
_, ipnet, err := net.ParseCIDR(r.Attributes[0].Values[0]) _, ipnet, err := net.ParseCIDR(r.Attributes[0].Values[0])
if err != nil { if err != nil {
logstream.Info(err.Error()) logstream.Info(err.Error())
continue continue
} }
if false == checkNetCacheContainsAndFlag(ipnet) { if false == checkNetCacheContainsAndFlag(ipnet) {
netCache = append(netCache, NoAuthNet{ Net: ipnet, Present: true }) netCache = append(netCache, NoAuthNet{Net: ipnet, Present: true})
} }
} }
} }
@ -143,13 +138,12 @@ func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
return nil return nil
} }
func isIPContainedInNetCache(string_ip string) (bool, error) { func isIPContainedInNetCache(string_ip string) (bool, error) {
ip := net.ParseIP(string_ip) ip := net.ParseIP(string_ip)
if ip == nil { if ip == nil {
return false, errors.New(fmt.Sprintf("Invalid IP: %s", string_ip)) return false, errors.New(fmt.Sprintf("Invalid IP: %s", string_ip))
} }
for _, n := range netCache { for _, n := range netCache {
if n.Net.Contains(ip) { if n.Net.Contains(ip) {
return true, nil return true, nil
@ -162,7 +156,7 @@ func isIPContainedInNetCache(string_ip string) (bool, error) {
func handleConnection(connClt net.Conn, conLdap *ldap.Conn) { func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
buf := make([]byte, 1024) buf := make([]byte, 1024)
// TODO : Maybe keep it open and process following requests? See "warning: read TCP map reply from srv-ldap:8080: unexpected EOF (Application error)" // TODO : Maybe keep it open and process following requests? See "warning: read TCP map reply from srv-ldap:8080: unexpected EOF (Application error)"
// Close client connection when this function ends // Close client connection when this function ends
defer func() { defer func() {
logstream.Debug("Closing connection") logstream.Debug("Closing connection")
@ -175,7 +169,7 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
// Set a deadline for reading. Read operation will fail if no data // Set a deadline for reading. Read operation will fail if no data
// is received after deadline. // is received after deadline.
connClt.SetReadDeadline(time.Now().Add(timeoutDuration)) connClt.SetReadDeadline(time.Now().Add(timeoutDuration))
readlen, err := connClt.Read(buf) readlen, err := connClt.Read(buf)
if err != nil { if err != nil {
// 10/05/2022 : Drop this conn if client closed connection or timeout occured // 10/05/2022 : Drop this conn if client closed connection or timeout occured
@ -214,11 +208,11 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
// "set loglevel level" sent on listening port will set current loglevel // "set loglevel level" sent on listening port will set current loglevel
if readlen > 14 && strings.EqualFold(string(buf[:12]), "set loglevel") { if readlen > 14 && strings.EqualFold(string(buf[:12]), "set loglevel") {
logstream.Infof("Received \"%s\" instruction from %s", string(buf[:readlen-1]), connClt.RemoteAddr().String()) logstream.Infof("Received \"%s\" instruction from %s", string(buf[:readlen-1]), connClt.RemoteAddr().String())
level, err := logrus.ParseLevel(string(buf[13:readlen-1])) level, err := logrus.ParseLevel(string(buf[13 : readlen-1]))
if err != nil { if err != nil {
sendResponse(connClt, fmt.Sprintf("Invalid log level: %s", string(buf[13:readlen-1])), 500) sendResponse(connClt, fmt.Sprintf("Invalid log level: %s", string(buf[13:readlen-1])), 500)
} else { } else {
logstream.Level = level logstream.Level = level
sendResponse(connClt, "loglevel set", 200) sendResponse(connClt, "loglevel set", 200)
} }
continue continue
@ -230,7 +224,7 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
sendResponse(connClt, fmt.Sprintf("Invalid request: %s", buf[:readlen-1]), 500) sendResponse(connClt, fmt.Sprintf("Invalid request: %s", buf[:readlen-1]), 500)
continue continue
} }
ip := string(buf[4:readlen-1]) ip := string(buf[4 : readlen-1])
// First query netCache built with ipNetworkNumber // First query netCache built with ipNetworkNumber
res, err := isIPContainedInNetCache(ip) res, err := isIPContainedInNetCache(ip)
@ -239,14 +233,14 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
sendResponse(connClt, err.Error(), 500) sendResponse(connClt, err.Error(), 500)
continue continue
} }
// IP is allowed, return the IP with code 200 // IP is allowed, return the IP with code 200
if res == true { if res == true {
sendResponse(connClt, ip, 200) sendResponse(connClt, ip, 200)
continue continue
} }
// Then, if no result, query LDAP for exact IP // Then, if no result, query LDAP for exact IP
filter := fmt.Sprintf("(ipHostNumber=%s)", ldap.EscapeFilter(ip)) filter := fmt.Sprintf("(ipHostNumber=%s)", ldap.EscapeFilter(ip))
searchReq := ldap.NewSearchRequest(*ldapBaseDN, ldap.ScopeWholeSubtree, 0, 0, 0, searchReq := ldap.NewSearchRequest(*ldapBaseDN, ldap.ScopeWholeSubtree, 0, 0, 0,
false, filter, []string{"ipHostNumber"}, []ldap.Control{}) false, filter, []string{"ipHostNumber"}, []ldap.Control{})
@ -264,7 +258,7 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
if len(result.Entries) > 1 { if len(result.Entries) > 1 {
logstream.Infof("More than one match for IP %s", ip) logstream.Infof("More than one match for IP %s", ip)
} }
sendResponse(connClt, ip, 200) sendResponse(connClt, ip, 200)
} }
@ -391,17 +385,17 @@ func main() {
if strings.EqualFold(*logTo, "syslog") { if strings.EqualFold(*logTo, "syslog") {
// level != priority // level != priority
prio := syslog.LOG_MAIL prio := syslog.LOG_MAIL
switch (*logLevel) { switch *logLevel {
case "fatal": case "fatal":
prio += syslog.LOG_CRIT prio += syslog.LOG_CRIT
case "error": case "error":
prio += syslog.LOG_ERR prio += syslog.LOG_ERR
case "warn": case "warn":
prio += syslog.LOG_WARNING prio += syslog.LOG_WARNING
case "info": case "info":
prio += syslog.LOG_INFO prio += syslog.LOG_INFO
case "debug": case "debug":
prio += syslog.LOG_DEBUG prio += syslog.LOG_DEBUG
} }
hook, err := lSyslog.NewSyslogHook("", "", prio, "mynettcptable") hook, err := lSyslog.NewSyslogHook("", "", prio, "mynettcptable")
if err != nil { if err != nil {
@ -422,4 +416,3 @@ func main() {
logstream.Infof("Start listening for incoming connections on %s\n", *listen) logstream.Infof("Start listening for incoming connections on %s\n", *listen)
run() run()
} }