package main import ( "bufio" "bytes" "crypto/sha256" "crypto/tls" "encoding/json" "fmt" "github.com/dgrijalva/jwt-go" "github.com/labstack/echo" "golang.org/x/crypto/ssh" "io/ioutil" "log" "net/http" "net/url" "regexp" "strings" ) type handler struct{} type userInfo struct { Error interface{} `json:"error"` ID int `json:"id"` Principal string `json:"principal"` Result struct { Result struct { Cn []string `json:"cn"` Displayname []string `json:"displayname"` Dn string `json:"dn"` Gecos []string `json:"gecos"` Gidnumber []string `json:"gidnumber"` Givenname []string `json:"givenname"` HasKeytab bool `json:"has_keytab"` HasPassword bool `json:"has_password"` Homedirectory []string `json:"homedirectory"` Initials []string `json:"initials"` Ipauniqueid []string `json:"ipauniqueid"` Krbcanonicalname []string `json:"krbcanonicalname"` Krbextradata []struct { Base64 string `json:"__base64__"` } `json:"krbextradata"` Krblastfailedauth []struct { Datetime string `json:"__datetime__"` } `json:"krblastfailedauth"` Krblastpwdchange []struct { Datetime string `json:"__datetime__"` } `json:"krblastpwdchange"` Krbloginfailedcount []string `json:"krbloginfailedcount"` Krbpasswordexpiration []struct { Datetime string `json:"__datetime__"` } `json:"krbpasswordexpiration"` Krbprincipalname []string `json:"krbprincipalname"` Krbpwdpolicyreference []string `json:"krbpwdpolicyreference"` Loginshell []string `json:"loginshell"` Mail []string `json:"mail"` MemberofGroup []string `json:"memberof_group"` Mepmanagedentry []string `json:"mepmanagedentry"` Mobile []string `json:"mobile"` Nsaccountlock bool `json:"nsaccountlock"` Objectclass []string `json:"objectclass"` Pager []string `json:"pager"` Preserved bool `json:"preserved"` Sn []string `json:"sn"` Telephonenumber []string `json:"telephonenumber"` UID []string `json:"uid"` Uidnumber []string `json:"uidnumber"` } `json:"result"` Summary interface{} `json:"summary"` Value string `json:"value"` } `json:"result"` Version string `json:"version"` } type ServiceList struct { TotalCount string `json:"TotalCount,omitempty"` ActiveCount string `json:"ActiveCount,omitempty"` ActiveVMCount string `json:"ActiveVMCount,omitempty"` TotalVMCount string `json:"TotalVMCount,omitempty"` } type user_findResult struct { Error interface{} `json:"error"` ID int `json:"id"` Principal string `json:"principal"` Result struct { Count int `json:"count"` Result []struct { Dn string `json:"dn"` Gidnumber []string `json:"gidnumber"` Givenname []string `json:"givenname"` Homedirectory []string `json:"homedirectory"` Krbcanonicalname []string `json:"krbcanonicalname"` Krbprincipalname []string `json:"krbprincipalname"` Loginshell []string `json:"loginshell"` Mail []string `json:"mail"` Nsaccountlock bool `json:"nsaccountlock"` Sn []string `json:"sn"` Telephonenumber []string `json:"telephonenumber"` UID []string `json:"uid"` Uidnumber []string `json:"uidnumber"` } `json:"result"` Summary string `json:"summary"` Truncated bool `json:"truncated"` } `json:"result"` Version string `json:"version"` } var User = userInfo{} func (h *handler) login(c echo.Context) error { username := c.FormValue("username") password := c.FormValue("password") _url := URL + "/ipa/session/login_password" method := "POST" params := url.Values{} params.Add("user", username) params.Add("password", password) payload := strings.NewReader(params.Encode()) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, _url, payload) audit("Recieved Login request from: " + RealIP) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/x-www-form-urlencoded") req.Header.Add("Accept", "text/plain") res, err := client.Do(req) cockie := res.Cookies() token := cockie[0].Raw ba := basicAuth(username, password) token = token + "Basic " + ba + ";" //fmt.Println("Token:", token) defer res.Body.Close() fmt.Println(res.StatusCode) if res.StatusCode == 200 { User = getUserInfo(token, username) //fmt.Println(user.Result) tokens, err := generateTokenPair(User, token) if err != nil { return err } return c.JSON(http.StatusOK, tokens) } return echo.ErrUnauthorized } func getUserInfo(token string, username string) userInfo { //fmt.Println("Checking for User: ", username) url := URL + "/ipa/session/json" method := "POST" _json := fmt.Sprintf(` { "method": "user_show", "params": [ [ "%s" ], { "all": true, "version": "2.215" } ], "id": 0 } `, username) payload := strings.NewReader(_json) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, url, payload) //fmt.Println("Request URI: ",req) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) res, err := client.Do(req) body, err := ioutil.ReadAll(res.Body) defer res.Body.Close() user := userInfo{} err = json.Unmarshal(body, &user) if err != nil { fmt.Println(err) } //fmt.Println("Getting Data for User: ", user.Result.Result.Uidnumber) return user } func (h *handler) token(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(jwt.MapClaims) _sha256 := sha256.Sum256([]byte(string(claims["name"].(string)))) var hashChannel_ = make(chan []byte, 1) hashChannel_ <- _sha256[:] token := decrypt(<-hashChannel_, claims["IPAToken"].(string)) username := claims["name"].(string) //fmt.Println("User: ",username) //fmt.Println("Token : ",token) _user := getUserInfo(token, username) //fmt.Println("User: ", _user.Result.Summary) newtokens, err := generateTokenPair(_user, token) if err != nil { return err } return c.JSON(http.StatusOK, newtokens) } func IntStringParser(str string) []string { re := regexp.MustCompile(`\s{1,}`) return strings.Split(re.ReplaceAllString(str, ","), ",") } func Connect(user, pass, host string, cmd string) bytes.Buffer { cipher := ssh.Config{ Ciphers: []string{"aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc"}, } config := &ssh.ClientConfig{ User: user, Auth: []ssh.AuthMethod{ ssh.Password(pass), }, HostKeyCallback: ssh.InsecureIgnoreHostKey(), Config: cipher, } conn, err := ssh.Dial("tcp", host, config) // time.Sleep(1) if err != nil { log.Fatal("Failed to dial: ", err) } sess, err := conn.NewSession() if err != nil { log.Fatal("Failed to create session: ", err) } stdin, err := sess.StdinPipe() if err != nil { log.Fatal("Failed to create session: ", err) } var bout bytes.Buffer var berr bytes.Buffer sess.Stdout = &bout sess.Stderr = &berr sess.Shell() fmt.Fprintf(stdin, "%s\n", "terminal length 0") fmt.Fprintf(stdin, "%s\n", cmd) fmt.Fprintf(stdin, "\nexit\n") fmt.Fprintf(stdin, "exit\n") sess.Wait() sess.Close() // scanner := bufio.NewScanner(&bout) // for scanner.Scan() { // fmt.Println(scanner.Text()) // } // fmt.Println(bout.String()) return bout } func (h *handler) findMAC(c echo.Context) error { //user := c.Get("user").(*jwt.Token) //claims := user.Claims.(jwt.MapClaims) //name := claims["name"].(string) HOSTNAMEPORT := c.FormValue("HOSTNAMEPORT") SERVERURI := c.FormValue("SERVERURI") result1 := Connect("rancid", "JDACy6wK*yW%meQ", HOSTNAMEPORT, "sh int status") intDesc := SERVERURI var IntString string scanner := bufio.NewScanner(&result1) var IntName string var IntMAC string // var IntName, IntStatus, IntVLAN, IntDuplex, IntSpeed, IntType string for scanner.Scan() { if strings.Contains(scanner.Text(), intDesc) { IntString = scanner.Text() IntName = IntStringParser(IntString)[0] break } } result1 = Connect("rancid", "JDACy6wK*yW%meQ", HOSTNAMEPORT, "sh mac address-table int "+IntName) scanner = bufio.NewScanner(&result1) for scanner.Scan() { if strings.Contains(scanner.Text(), IntName) { if strings.Contains(scanner.Text(), "mac") { continue } //fmt.Println(scanner.Text()) IntString = scanner.Text() //fmt.Println("len: ", len(IntStringParser(IntString)) ) if len(IntStringParser(IntString)) < 3 { id, code := uuidgen("findMAC") resp := _response{ Origin: "findMAC", Message: "", Code: code, Uuid: id, } return c.JSON(http.StatusNotFound, resp) } IntMAC = IntStringParser(IntString)[2] } } //fmt.Println(IntMAC) //return c.String(http.StatusOK, "Welcome "+IntMAC+"!") id, code := uuidgen("findMAC") resp := _response{ Origin: "findMAC", Message: macParser(IntMAC), Code: code, Uuid: id, } return c.JSON(http.StatusOK, resp) } func macParser(str string) string { if len(str) < 12 { return "ERROR" } _str := strings.Split(str, ".") __str := _str[0] + _str[1] + _str[2] ___str := __str[0:2] + ":" + __str[2:4] + ":" + __str[4:6] + ":" + __str[6:8] + ":" + __str[8:10] + ":" + __str[10:12] return strings.ToUpper(___str) }