package main import ( "crypto/sha256" "crypto/tls" "encoding/json" "fmt" "github.com/dgrijalva/jwt-go" "github.com/labstack/echo" "io/ioutil" "net/http" "net/url" "strings" "time" ) type handler struct{} type userInfo struct { Result struct { Result struct { Sshpubkeyfp []string `json:"sshpubkeyfp"` HasKeytab bool `json:"has_keytab"` Ipasshpubkey []string `json:"ipasshpubkey"` Cn []string `json:"cn"` Krbcanonicalname []string `json:"krbcanonicalname"` Krbticketflags []string `json:"krbticketflags"` MemberofGroup []string `json:"memberof_group"` HasPassword bool `json:"has_password"` Homedirectory []string `json:"homedirectory"` Nsaccountlock bool `json:"nsaccountlock"` UID []string `json:"uid"` Title []string `json:"title"` Loginshell []string `json:"loginshell"` Uidnumber []string `json:"uidnumber"` Preserved bool `json:"preserved"` Krbextradata []struct { Base64 string `json:"__base64__"` } `json:"krbextradata"` Mail []string `json:"mail"` MemberofindirectHbacrule []string `json:"memberofindirect_hbacrule"` Dn string `json:"dn"` Displayname []string `json:"displayname"` Mepmanagedentry []string `json:"mepmanagedentry"` Ipauniqueid []string `json:"ipauniqueid"` Krbloginfailedcount []string `json:"krbloginfailedcount"` Krbpwdpolicyreference []string `json:"krbpwdpolicyreference"` Krbprincipalname []string `json:"krbprincipalname"` Givenname []string `json:"givenname"` Krblastadminunlock []struct { Datetime string `json:"__datetime__"` } `json:"krblastadminunlock"` Krbpasswordexpiration []struct { Datetime string `json:"__datetime__"` } `json:"krbpasswordexpiration"` Krblastfailedauth []struct { Datetime string `json:"__datetime__"` } `json:"krblastfailedauth"` Objectclass []string `json:"objectclass"` Gidnumber []string `json:"gidnumber"` Gecos []string `json:"gecos"` Sn []string `json:"sn"` MemberofSudorule []string `json:"memberof_sudorule"` Krblastpwdchange []struct { Datetime string `json:"__datetime__"` } `json:"krblastpwdchange"` Initials []string `json:"initials"` } `json:"result"` Value string `json:"value"` Summary interface{} `json:"summary"` } `json:"result"` Version string `json:"version"` Error interface{} `json:"error"` ID int `json:"id"` Principal string `json:"principal"` } func (h *handler) login(c echo.Context) error { username := c.FormValue("username") password := c.FormValue("password") _url := URL + "/ipa/session/login_password" method := "POST" params := url.Values{} params.Add("user", username) params.Add("password", password) payload := strings.NewReader(params.Encode()) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, _url, payload) audit("Recieved Login request from: " + RealIP) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/x-www-form-urlencoded") req.Header.Add("Accept", "text/plain") res, err := client.Do(req) cockie := res.Cookies() token := cockie[0].Raw defer res.Body.Close() //fmt.Println(res.StatusCode) if res.StatusCode == 200 { user := getUserInfo(token, username) //fmt.Println(user.Result) tokens, err := generateTokenPair(user, token) if err != nil { return err } return c.JSON(http.StatusOK, tokens) } return echo.ErrUnauthorized } func getUserInfo(token string, username string) userInfo { fmt.Println("Checking for User: ", username) url := URL + "/ipa/session/json" method := "POST" _json := fmt.Sprintf(` { "method": "user_show", "params": [ [ "%s" ], { "all": true, "version": "2.215" } ], "id": 0 } `, username) payload := strings.NewReader(_json) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) res, err := client.Do(req) defer res.Body.Close() body, err := ioutil.ReadAll(res.Body) user := userInfo{} json.Unmarshal(body, &user) return user } func (h *handler) private(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(jwt.MapClaims) name := claims["name"].(string) return c.String(http.StatusOK, "Welcome "+name+"!") } func (h *handler) addUser(c echo.Context) error { type apiErr struct { Result interface{} `json:"result"` Error struct { Code int `json:"code"` Message string `json:"message"` Data struct { } `json:"data"` Name string `json:"name"` } `json:"error"` ID int `json:"id"` Principal string `json:"principal"` Version string `json:"version"` } type addUser struct { Result struct { Result struct { Displayname []string `json:"displayname"` UID []string `json:"uid"` Uidnumber []string `json:"uidnumber"` Objectclass []string `json:"objectclass"` Sn []string `json:"sn"` Telephonenumber []string `json:"telephonenumber"` Cn []string `json:"cn"` Krbpasswordexpiration []struct { Datetime string `json:"__datetime__"` } `json:"krbpasswordexpiration"` Mobile []string `json:"mobile"` Krbprincipalname []string `json:"krbprincipalname"` Ipauniqueid []string `json:"ipauniqueid"` Givenname []string `json:"givenname"` Gidnumber []string `json:"gidnumber"` Krbcanonicalname []string `json:"krbcanonicalname"` Mail []string `json:"mail"` Initials []string `json:"initials"` Homedirectory []string `json:"homedirectory"` Loginshell []string `json:"loginshell"` Gecos []string `json:"gecos"` Randompassword string `json:"randompassword"` HasPassword bool `json:"has_password"` HasKeytab bool `json:"has_keytab"` MemberofGroup []string `json:"memberof_group"` Dn string `json:"dn"` } `json:"result"` Value string `json:"value"` Summary string `json:"summary"` } `json:"result"` Error string `json:"error"` ID int `json:"id"` Principal string `json:"principal"` Version string `json:"version"` } user := c.Get("user").(*jwt.Token) claims := user.Claims.(jwt.MapClaims) _sha256 := sha256.Sum256([]byte(string(claims["name"].(string)))) var hashChannel_ = make(chan []byte, 1) hashChannel_ <- _sha256[:] token := decrypt(<-hashChannel_, claims["IPAToken"].(string)) b, err := json.Marshal(claims) if err != nil { fmt.Println("err:", err) } username := c.FormValue("Username") sha256 := sha256.Sum256([]byte(username)) var hashChannel = make(chan []byte, 1) hashChannel <- sha256[:] ciphertext := encrypt(<-hashChannel, string(b)) //fmt.Println(b) //fmt.Println(ciphertext) sn := c.FormValue("Lname") cn := c.FormValue("FullName") givenname := c.FormValue("Fname") displayname := c.FormValue("displayname") krbpasswordexpiration := c.FormValue("krbpasswordexpiration") mail := c.FormValue("mail") telephonenumber := c.FormValue("telephonenumber") mobile := c.FormValue("mobile") _url := URL + "/ipa/session/json" method := "POST" _json := fmt.Sprintf(` { "id": 0, "method": "user_add/1", "params": [ [ "%s" ], { "givenname": "%s", "sn": "%s", "cn":"%s", "displayname":"%s", "loginshell":"/usr/sbin/nologin", "krbpasswordexpiration":"%s", "mail":"%s", "random":"true", "gidnumber":"599200001", "telephonenumber":"%s", "mobile":"%s", "version": "2.235" } ] } `, username, givenname, sn, cn, displayname, krbpasswordexpiration, mail, telephonenumber, mobile) __json := fmt.Sprintf(` { "id": 0, "method": "group_add_member/1", "params": [ [ "svcaccounts" ], { "user": [ "%s" ], "version": "2.235" } ] } `, username) payload := strings.NewReader(_json) _payload := strings.NewReader(__json) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, _url, payload) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) res, err := client.Do(req) _req, _ := http.NewRequest(method, _url, _payload) _req.Header.Add("Referer", URL+"/ipa") _req.Header.Add("Content-Type", "application/json") _req.Header.Add("Accept", "text/plain") _req.Header.Add("Cookie", token) client.Do(_req) defer res.Body.Close() body, err := ioutil.ReadAll(res.Body) result := addUser{} _err := json.Unmarshal(body, &result) if _err != nil { _apiErr := apiErr{} __err := json.Unmarshal(body, &_apiErr) if __err != nil { return c.String(http.StatusBadRequest, "Error of error!!") } res2B, _ := json.Marshal(_apiErr) return c.String(http.StatusBadRequest, string(res2B)) } go sendMail("Welcome to ZiCloud\r\n Your temporary link is :\r\n https://zicloud.com/reset/"+url.QueryEscape(ciphertext), "Welcome to ZiCloud", mail) return c.String(http.StatusOK, "Done, Reset Link was sent to "+mail) } func (h *handler) disableUser(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(jwt.MapClaims) _sha256 := sha256.Sum256([]byte(string(claims["name"].(string)))) var hashChannel_ = make(chan []byte, 1) hashChannel_ <- _sha256[:] token := decrypt(<-hashChannel_, claims["IPAToken"].(string)) username := c.FormValue("Username") url := URL + "/ipa/session/json" method := "POST" _json := fmt.Sprintf(` { "id": 0, "method": "user_disable/1", "params": [ [ "%s" ], { "version": "2.235" } ] } `, username) payload := strings.NewReader(_json) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) res, err := client.Do(req) if err != nil { return c.String(http.StatusBadRequest, "Error"+err.Error()) } defer res.Body.Close() return c.String(http.StatusOK, "Done") } func (h *handler) resetUser(c echo.Context) error { type keyJson struct { IPAToken string `json:"IPAToken"` Admin bool `json:"admin"` Exp int `json:"exp"` Memberof []string `json:"memberof"` Name []string `json:"name"` Sub int `json:"sub"` } t := time.Now() //%Y%m%d%H%M%SZ t = t.Add(time.Hour * 24 * 60) username := c.FormValue("Username") password := c.FormValue("Password") key := c.FormValue("key") key, _ = url.QueryUnescape(key) sha256 := sha256.Sum256([]byte(username)) var hashChannel = make(chan []byte, 1) hashChannel <- sha256[:] plainkey := decrypt(<-hashChannel, key) _plainkey := keyJson{} json.Unmarshal([]byte(plainkey), &_plainkey) token := _plainkey.IPAToken _url := URL + "/ipa/session/json" method := "POST" _json := fmt.Sprintf(` { "id": 0, "method": "user_mod/1", "params": [ [ "%s" ], { "userpassword":"%s", "version": "2.235" } ] } `, username, password) payload := strings.NewReader(_json) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, _url, payload) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) res, err := client.Do(req) _json = fmt.Sprintf(` { "id": 0, "method": "user_mod/1", "params": [ [ "%s" ], { "krbpasswordexpiration":"%s", "version": "2.235" } ] } `, username, t.Format("2006-01-02")+"Z") payload = strings.NewReader(_json) req, err = http.NewRequest(method, _url, payload) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) err = nil res, err = client.Do(req) //fmt.Println(payload) if err != nil { return c.String(http.StatusBadRequest, "Error"+err.Error()) } defer res.Body.Close() return c.String(http.StatusOK, "Done") } func (h *handler) dnsrecordadd(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(jwt.MapClaims) _sha256 := sha256.Sum256([]byte(string(claims["name"].(string)))) var hashChannel_ = make(chan []byte, 1) hashChannel_ <- _sha256[:] token := decrypt(<-hashChannel_, claims["IPAToken"].(string)) recordName := c.FormValue("recordName") record := c.FormValue("record") url := URL + "/ipa/session/json" method := "POST" _json := fmt.Sprintf(` { "id": 0, "method": "dnsrecord_add/1", "params": [ [ "ZI-TEL.COM", { "__dns_name__": "%s" } ], { "a_part_ip_address": "%s", "raw": true, "version": "2.235" } ] } `, recordName, record) payload := strings.NewReader(_json) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, url, payload) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/json") req.Header.Add("Accept", "text/plain") req.Header.Add("Cookie", token) res, err := client.Do(req) if err != nil { return c.String(http.StatusBadRequest, "Error"+err.Error()) } //body, err := ioutil.ReadAll(res.Body) //_res:=result{} //json.Unmarshal(body, &_res) //fmt.Println(_res) defer res.Body.Close() return c.String(http.StatusOK, "Done") } func (h *handler) token(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(jwt.MapClaims) _sha256 := sha256.Sum256([]byte(string(claims["name"].(string)))) var hashChannel_ = make(chan []byte, 1) hashChannel_ <- _sha256[:] token := decrypt(<-hashChannel_, claims["IPAToken"].(string)) username := claims["name"].(string) _user := getUserInfo(token, username) //fmt.Println(user.Result) newtokens, err := generateTokenPair(_user, token) if err != nil { return err } return c.JSON(http.StatusOK, newtokens) } func (h *handler) verifyUser(c echo.Context) error { name := c.FormValue("Username") fmt.Println("Name: ", name) if name == "" { return c.JSON(http.StatusNotFound, "User NOT Found") } username := "admin" password := "h?_QJp5^&9FNc9w=" _url := URL + "/ipa/session/login_password" method := "POST" params := url.Values{} params.Add("user", username) params.Add("password", password) payload := strings.NewReader(params.Encode()) tr := &http.Transport{ TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, } client := &http.Client{Transport: tr} req, err := http.NewRequest(method, _url, payload) audit("Recieved Login request from: " + RealIP) if err != nil { fmt.Println(err) } req.Header.Add("Referer", URL+"/ipa") req.Header.Add("Content-Type", "application/x-www-form-urlencoded") req.Header.Add("Accept", "text/plain") res, err := client.Do(req) cockie := res.Cookies() token := cockie[0].Raw defer res.Body.Close() //fmt.Println(token) if res.StatusCode == 200 { user := getUserInfo(token, name) if user.Result.Value != name { return c.JSON(http.StatusNotFound, "User NOT Found") } } return c.JSON(http.StatusOK, "User Founded") }