Compare commits
4 Commits
v1.0.0-rc
...
v1.0.0-rc2
| Author | SHA1 | Date | |
|---|---|---|---|
| a84e22ce61 | |||
| 365b7b9792 | |||
| b2fff3789b | |||
| b9807f0ba7 |
30
LICENSE
Normal file
30
LICENSE
Normal file
@ -0,0 +1,30 @@
|
||||
Copyright (C) 2020, yo000 <johan@nosd.in>
|
||||
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
|
||||
- Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
- Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
- Neither the name of the Mumble Developers nor the names of its
|
||||
contributors may be used to endorse or promote products derived from this
|
||||
software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
`AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
|
||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
@ -5,3 +5,5 @@ ldapUser cn=mynettcptable,ou=services,dc=example,dc=org
|
||||
ldapPass here_lies_the_password
|
||||
# networks cache refresh interval
|
||||
refresh 300
|
||||
# Inactive connection timeout
|
||||
timeout 30
|
||||
|
||||
103
mynettcptable.go
103
mynettcptable.go
@ -7,49 +7,49 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
"fmt"
|
||||
"net"
|
||||
// "log"
|
||||
"os"
|
||||
// "log"
|
||||
"errors"
|
||||
"flag"
|
||||
"log/syslog"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
"errors"
|
||||
"strings"
|
||||
"log/syslog"
|
||||
|
||||
"github.com/tabalt/pidfile"
|
||||
"github.com/go-ldap/ldap/v3"
|
||||
"github.com/peterbourgon/ff"
|
||||
"github.com/sirupsen/logrus"
|
||||
lSyslog "github.com/sirupsen/logrus/hooks/syslog"
|
||||
"github.com/tabalt/pidfile"
|
||||
)
|
||||
|
||||
const (
|
||||
version = "1.0.0-rc"
|
||||
version = "1.0.0-rc2"
|
||||
)
|
||||
|
||||
var (
|
||||
logstream *logrus.Logger
|
||||
conLdap *ldap.Conn
|
||||
mutex sync.Mutex
|
||||
logTo *string
|
||||
logLevel *string
|
||||
listen *string
|
||||
ldapURL *string
|
||||
ldapBaseDN *string
|
||||
ldapUser *string
|
||||
ldapPass *string
|
||||
refreshInterval *int
|
||||
pidFilePath *string
|
||||
timeout *int
|
||||
logstream *logrus.Logger
|
||||
conLdap *ldap.Conn
|
||||
mutex sync.Mutex
|
||||
logTo *string
|
||||
logLevel *string
|
||||
listen *string
|
||||
ldapURL *string
|
||||
ldapBaseDN *string
|
||||
ldapUser *string
|
||||
ldapPass *string
|
||||
refreshInterval *int
|
||||
pidFilePath *string
|
||||
timeout *int
|
||||
|
||||
netCache []NoAuthNet
|
||||
netCache []NoAuthNet
|
||||
)
|
||||
|
||||
type NoAuthNet struct {
|
||||
Net *net.IPNet
|
||||
Present bool
|
||||
Net *net.IPNet
|
||||
Present bool
|
||||
}
|
||||
|
||||
// Test if a net is present in cache, and set "Present" flag to true
|
||||
@ -95,7 +95,6 @@ func unsetNetCachePresentFlag() {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
|
||||
attribute := "ipNetworkNumber"
|
||||
|
||||
@ -117,17 +116,13 @@ func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
|
||||
logstream.Info(fmt.Sprintf("Error searching into LDAP: Attribute %s not found for entry %s\n", attribute, r))
|
||||
continue
|
||||
} else {
|
||||
// Explode the network to individual IPs
|
||||
// 1: Verify format : Either CIDR, or netmask is in ipNetworkMask (do we want to support this?)
|
||||
// 2: n := iplib.NewNet4(net.ParseIP("192.168.0.0"), 16)
|
||||
// n.Enumerate(
|
||||
_, ipnet, err := net.ParseCIDR(r.Attributes[0].Values[0])
|
||||
if err != nil {
|
||||
logstream.Info(err.Error())
|
||||
continue
|
||||
}
|
||||
if false == checkNetCacheContainsAndFlag(ipnet) {
|
||||
netCache = append(netCache, NoAuthNet{ Net: ipnet, Present: true })
|
||||
netCache = append(netCache, NoAuthNet{Net: ipnet, Present: true})
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -143,13 +138,12 @@ func buildNetCacheFromIPNetwork(conLdap *ldap.Conn) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
func isIPContainedInNetCache(string_ip string) (bool, error) {
|
||||
ip := net.ParseIP(string_ip)
|
||||
if ip == nil {
|
||||
return false, errors.New(fmt.Sprintf("Invalid IP: %s", string_ip))
|
||||
}
|
||||
|
||||
|
||||
for _, n := range netCache {
|
||||
if n.Net.Contains(ip) {
|
||||
return true, nil
|
||||
@ -162,7 +156,7 @@ func isIPContainedInNetCache(string_ip string) (bool, error) {
|
||||
func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
buf := make([]byte, 1024)
|
||||
|
||||
// TODO : Maybe keep it open and process following requests? See "warning: read TCP map reply from srv-ldap:8080: unexpected EOF (Application error)"
|
||||
// TODO : Maybe keep it open and process following requests? See "warning: read TCP map reply from srv-ldap:8080: unexpected EOF (Application error)"
|
||||
// Close client connection when this function ends
|
||||
defer func() {
|
||||
logstream.Debug("Closing connection")
|
||||
@ -175,7 +169,7 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
// Set a deadline for reading. Read operation will fail if no data
|
||||
// is received after deadline.
|
||||
connClt.SetReadDeadline(time.Now().Add(timeoutDuration))
|
||||
|
||||
|
||||
readlen, err := connClt.Read(buf)
|
||||
if err != nil {
|
||||
// 10/05/2022 : Drop this conn if client closed connection or timeout occured
|
||||
@ -183,8 +177,6 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
if err.Error() != "EOF" && !strings.HasSuffix(err.Error(), "i/o timeout") {
|
||||
logstream.Errorf("Error reading connection: %v\n", err.Error())
|
||||
}
|
||||
//sendResponse(connClt, err.Error(), 500)
|
||||
//continue
|
||||
return
|
||||
}
|
||||
|
||||
@ -214,11 +206,11 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
// "set loglevel level" sent on listening port will set current loglevel
|
||||
if readlen > 14 && strings.EqualFold(string(buf[:12]), "set loglevel") {
|
||||
logstream.Infof("Received \"%s\" instruction from %s", string(buf[:readlen-1]), connClt.RemoteAddr().String())
|
||||
level, err := logrus.ParseLevel(string(buf[13:readlen-1]))
|
||||
if err != nil {
|
||||
level, err := logrus.ParseLevel(string(buf[13 : readlen-1]))
|
||||
if err != nil {
|
||||
sendResponse(connClt, fmt.Sprintf("Invalid log level: %s", string(buf[13:readlen-1])), 500)
|
||||
} else {
|
||||
logstream.Level = level
|
||||
} else {
|
||||
logstream.Level = level
|
||||
sendResponse(connClt, "loglevel set", 200)
|
||||
}
|
||||
continue
|
||||
@ -230,7 +222,7 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
sendResponse(connClt, fmt.Sprintf("Invalid request: %s", buf[:readlen-1]), 500)
|
||||
continue
|
||||
}
|
||||
ip := string(buf[4:readlen-1])
|
||||
ip := string(buf[4 : readlen-1])
|
||||
|
||||
// First query netCache built with ipNetworkNumber
|
||||
res, err := isIPContainedInNetCache(ip)
|
||||
@ -239,14 +231,14 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
sendResponse(connClt, err.Error(), 500)
|
||||
continue
|
||||
}
|
||||
|
||||
|
||||
// IP is allowed, return the IP with code 200
|
||||
if res == true {
|
||||
sendResponse(connClt, ip, 200)
|
||||
continue
|
||||
}
|
||||
|
||||
// Then, if no result, query LDAP for exact IP
|
||||
// Then, if no result, query LDAP for exact IP
|
||||
filter := fmt.Sprintf("(ipHostNumber=%s)", ldap.EscapeFilter(ip))
|
||||
searchReq := ldap.NewSearchRequest(*ldapBaseDN, ldap.ScopeWholeSubtree, 0, 0, 0,
|
||||
false, filter, []string{"ipHostNumber"}, []ldap.Control{})
|
||||
@ -264,7 +256,7 @@ func handleConnection(connClt net.Conn, conLdap *ldap.Conn) {
|
||||
if len(result.Entries) > 1 {
|
||||
logstream.Infof("More than one match for IP %s", ip)
|
||||
}
|
||||
|
||||
|
||||
sendResponse(connClt, ip, 200)
|
||||
|
||||
}
|
||||
@ -391,17 +383,17 @@ func main() {
|
||||
if strings.EqualFold(*logTo, "syslog") {
|
||||
// level != priority
|
||||
prio := syslog.LOG_MAIL
|
||||
switch (*logLevel) {
|
||||
case "fatal":
|
||||
prio += syslog.LOG_CRIT
|
||||
case "error":
|
||||
prio += syslog.LOG_ERR
|
||||
case "warn":
|
||||
prio += syslog.LOG_WARNING
|
||||
case "info":
|
||||
prio += syslog.LOG_INFO
|
||||
case "debug":
|
||||
prio += syslog.LOG_DEBUG
|
||||
switch *logLevel {
|
||||
case "fatal":
|
||||
prio += syslog.LOG_CRIT
|
||||
case "error":
|
||||
prio += syslog.LOG_ERR
|
||||
case "warn":
|
||||
prio += syslog.LOG_WARNING
|
||||
case "info":
|
||||
prio += syslog.LOG_INFO
|
||||
case "debug":
|
||||
prio += syslog.LOG_DEBUG
|
||||
}
|
||||
hook, err := lSyslog.NewSyslogHook("", "", prio, "mynettcptable")
|
||||
if err != nil {
|
||||
@ -417,9 +409,6 @@ func main() {
|
||||
defer pid.Clear()
|
||||
}
|
||||
|
||||
//defer logstream.Close()
|
||||
|
||||
logstream.Infof("Start listening for incoming connections on %s\n", *listen)
|
||||
run()
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user