summaryrefslogtreecommitdiff
path: root/pkg/auth/sip2
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/auth/sip2')
-rw-r--r--pkg/auth/sip2/auth.go115
-rw-r--r--pkg/auth/sip2/client.go69
-rw-r--r--pkg/auth/sip2/spec.go15
-rw-r--r--pkg/auth/sip2/telnet.go15
4 files changed, 134 insertions, 80 deletions
diff --git a/pkg/auth/sip2/auth.go b/pkg/auth/sip2/auth.go
index 9c01c28..47733c2 100644
--- a/pkg/auth/sip2/auth.go
+++ b/pkg/auth/sip2/auth.go
@@ -1,33 +1,46 @@
+// Copyright (C) 2019 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
package sip2
import (
- "encoding/json"
- "github.com/dgrijalva/jwt-go"
+ "errors"
"log"
- "net/http"
"os"
- "time"
"0xacab.org/leap/vpnweb/pkg/config"
)
-const sipUserVar string = "VPNWEB_SIP_USER"
-const sipPassVar string = "VPNWEB_SIP_PASS"
-const sipPortVar string = "VPNWEB_SIP_PORT"
-const sipHostVar string = "VPNWEB_SIP_HOST"
-const sipLibrLocVar string = "VPNWEB_SIP_LIBR_LOCATION"
-const sipTerminatorVar string = "VPNWEB_SIP_TERMINATOR"
-const sipDefaultTerminator string = "\r\n"
-
-type Credentials struct {
- User string
- Password string
-}
+const (
+ sipUserVar string = "VPNWEB_SIP_USER"
+ sipPassVar string = "VPNWEB_SIP_PASS"
+ sipPortVar string = "VPNWEB_SIP_PORT"
+ sipHostVar string = "VPNWEB_SIP_HOST"
+ sipLibrLocVar string = "VPNWEB_SIP_LIBR_LOCATION"
+ sipTerminatorVar string = "VPNWEB_SIP_TERMINATOR"
+ sipDefaultTerminator string = "\r\n"
+)
-func getConfigFromEnv(envVar string) string {
+func getConfigFromEnv(envVar, defaultVar string) string {
val, exists := os.LookupEnv(envVar)
if !exists {
- log.Fatal("Need to set required env var:", envVar)
+ if defaultVar == "" {
+ log.Fatal("Need to set required env var: ", envVar)
+ } else {
+ return defaultVar
+ }
}
return val
}
@@ -41,60 +54,40 @@ func setupTerminatorFromEnv() {
}
}
-func SipAuthenticator(opts *config.Opts) http.HandlerFunc {
-
+func initializeSipConnection(skipConnect bool) (sipClient, error) {
log.Println("Initializing SIP2 authenticator")
- SipUser := getConfigFromEnv(sipUserVar)
- SipPass := getConfigFromEnv(sipPassVar)
- SipHost := getConfigFromEnv(sipHostVar)
- SipPort := getConfigFromEnv(sipPortVar)
- SipLibrLoc := getConfigFromEnv(sipLibrLocVar)
+ user := getConfigFromEnv(sipUserVar, "")
+ pass := getConfigFromEnv(sipPassVar, "")
+ host := getConfigFromEnv(sipHostVar, "localhost")
+ port := getConfigFromEnv(sipPortVar, "6001")
+ loc := getConfigFromEnv(sipLibrLocVar, "")
setupTerminatorFromEnv()
- sip := NewClient(SipHost, SipPort, SipLibrLoc)
+ sip := newClient(host, port, loc)
+
+ if skipConnect {
+ // mainly for testing purposes at the moment
+ return sip, nil
+ }
ok, err := sip.Connect()
if err != nil {
- log.Fatal("Cannot connect sip client")
+ return sip, err
}
- ok = sip.Login(SipUser, SipPass)
+ ok = sip.Login(user, pass)
if !ok {
- log.Fatal("Error on SIP login")
- } else {
- log.Println("SIP login ok")
+ return sip, errors.New("SIP login error")
}
+ return sip, nil
+}
- var authTokenHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- var c Credentials
-
- err := json.NewDecoder(r.Body).Decode(&c)
- if err != nil {
- log.Println("Auth request did not send valid json")
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
-
- if c.User == "" || c.Password == "" {
- log.Println("Auth request did not include user or password")
- http.Error(w, "missing user and/or password", http.StatusBadRequest)
- return
- }
-
- valid := sip.CheckCredentials(c.User, c.Password)
- if !valid {
- log.Println("Wrong auth for user", c.User)
- http.Error(w, "wrong user and/or password", http.StatusUnauthorized)
- return
- }
+func GetAuthenticator(opts *config.Opts, skipConnect bool) *sipClient {
- log.Println("Valid auth for user", c.User)
- token := jwt.New(jwt.SigningMethodHS256)
- claims := token.Claims.(jwt.MapClaims)
- claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
- tokenString, _ := token.SignedString([]byte(opts.AuthSecret))
- w.Write([]byte(tokenString))
- })
- return authTokenHandler
+ sip, err := initializeSipConnection(skipConnect)
+ if err != nil {
+ log.Fatal("Cannot initialize sip:", err)
+ }
+ return &sip
}
diff --git a/pkg/auth/sip2/client.go b/pkg/auth/sip2/client.go
index 7116a84..9adf218 100644
--- a/pkg/auth/sip2/client.go
+++ b/pkg/auth/sip2/client.go
@@ -1,31 +1,50 @@
+// Copyright (C) 2019 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
package sip2
import (
+ "0xacab.org/leap/vpnweb/pkg/auth/creds"
"fmt"
"github.com/reiver/go-telnet"
"log"
"time"
)
-const loginRequestTemplate string = "9300CN%s|CO%s|CP%s|"
-const statusRequestTemplate string = "23000%s %sAO%s|AA%s|AD%s|"
+const (
+ Label string = "sip2"
+ loginRequestTemplate string = "9300CN%s|CO%s|CP%s|"
+ statusRequestTemplate string = "23000%s %sAO%s|AA%s|AD%s|"
+)
-type Client struct {
- Host string
- Port string
+type sipClient struct {
+ host string
+ port string
location string
conn *telnet.Conn
parser *Parser
}
-func NewClient(host, port, location string) Client {
- c := Client{host, port, location, nil, nil}
+func newClient(host, port, location string) sipClient {
+ c := sipClient{host, port, location, nil, nil}
c.parser = getParser()
return c
}
-func (c *Client) Connect() (bool, error) {
- conn, err := telnet.DialTo(c.Host + ":" + c.Port)
+func (c *sipClient) Connect() (bool, error) {
+ conn, err := telnet.DialTo(c.host + ":" + c.port)
if nil != err {
log.Println("error", err)
return false, err
@@ -34,7 +53,7 @@ func (c *Client) Connect() (bool, error) {
return true, nil
}
-func (c *Client) Login(user, pass string) bool {
+func (c *sipClient) Login(user, pass string) bool {
loginStr := fmt.Sprintf(loginRequestTemplate, user, pass, c.location)
if nil == c.conn {
fmt.Println("error! null connection")
@@ -42,14 +61,31 @@ func (c *Client) Login(user, pass string) bool {
telnetSend(c.conn, loginStr)
loginResp := telnetRead(c.conn)
msg := c.parseResponse(loginResp)
- if value, ok := c.parser.getFixedFieldValue(msg, Ok); ok && value == TRUE {
+ if value, ok := c.parser.getFixedFieldValue(msg, okVal); ok && value == trueVal {
return true
}
return false
}
-func (c *Client) CheckCredentials(user, passwd string) bool {
+func (c *sipClient) parseResponse(txt string) *message {
+ msg := c.parser.parseMessage(txt)
+ return msg
+}
+
+/* Authenticator interface */
+
+func (c *sipClient) GetLabel() string {
+ return Label
+}
+
+func (c *sipClient) NeedsCredentials() bool {
+ return true
+}
+
+func (c *sipClient) CheckCredentials(credentials *creds.Credentials) bool {
currentTime := time.Now()
+ user := credentials.User
+ passwd := credentials.Password
statusRequest := fmt.Sprintf(
statusRequestTemplate,
currentTime.Format("20060102"),
@@ -58,8 +94,8 @@ func (c *Client) CheckCredentials(user, passwd string) bool {
telnetSend(c.conn, statusRequest)
statusMsg := c.parseResponse(telnetRead(c.conn))
- if value, ok := c.parser.getFieldValue(statusMsg, ValidPatron); ok && value == YES {
- if value, ok := c.parser.getFieldValue(statusMsg, ValidPatronPassword); ok && value == YES {
+ if value, ok := c.parser.getFieldValue(statusMsg, validPatron); ok && value == yes {
+ if value, ok := c.parser.getFieldValue(statusMsg, validPatronPassword); ok && value == yes {
return true
}
}
@@ -67,8 +103,3 @@ func (c *Client) CheckCredentials(user, passwd string) bool {
// TODO log whatever error we can find (AF, Screen Message, for instance)
return false
}
-
-func (c *Client) parseResponse(txt string) *Message {
- msg := c.parser.parseMessage(txt)
- return msg
-}
diff --git a/pkg/auth/sip2/spec.go b/pkg/auth/sip2/spec.go
index af65b33..09561e6 100644
--- a/pkg/auth/sip2/spec.go
+++ b/pkg/auth/sip2/spec.go
@@ -1,3 +1,18 @@
+// Copyright (C) 2019 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
package sip2
import (
diff --git a/pkg/auth/sip2/telnet.go b/pkg/auth/sip2/telnet.go
index ae5004e..7d8c4fa 100644
--- a/pkg/auth/sip2/telnet.go
+++ b/pkg/auth/sip2/telnet.go
@@ -1,3 +1,18 @@
+// Copyright (C) 2019 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
package sip2
import (