123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617 |
- package main
- import (
- "crypto/sha256"
- "crypto/tls"
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net/http"
- "net/url"
- "strings"
- "time"
- "github.com/dgrijalva/jwt-go"
- "github.com/labstack/echo"
- )
- type handler struct{}
- type userInfo struct {
- Result struct {
- Result struct {
- Sshpubkeyfp []string `json:"sshpubkeyfp"`
- HasKeytab bool `json:"has_keytab"`
- Ipasshpubkey []string `json:"ipasshpubkey"`
- Cn []string `json:"cn"`
- Krbcanonicalname []string `json:"krbcanonicalname"`
- Krbticketflags []string `json:"krbticketflags"`
- MemberofGroup []string `json:"memberof_group"`
- HasPassword bool `json:"has_password"`
- Homedirectory []string `json:"homedirectory"`
- Nsaccountlock bool `json:"nsaccountlock"`
- UID []string `json:"uid"`
- Title []string `json:"title"`
- Loginshell []string `json:"loginshell"`
- Uidnumber []string `json:"uidnumber"`
- Preserved bool `json:"preserved"`
- Krbextradata []struct {
- Base64 string `json:"__base64__"`
- } `json:"krbextradata"`
- Mail []string `json:"mail"`
- MemberofindirectHbacrule []string `json:"memberofindirect_hbacrule"`
- Dn string `json:"dn"`
- Displayname []string `json:"displayname"`
- Mepmanagedentry []string `json:"mepmanagedentry"`
- Ipauniqueid []string `json:"ipauniqueid"`
- Krbloginfailedcount []string `json:"krbloginfailedcount"`
- Krbpwdpolicyreference []string `json:"krbpwdpolicyreference"`
- Krbprincipalname []string `json:"krbprincipalname"`
- Givenname []string `json:"givenname"`
- Krblastadminunlock []struct {
- Datetime string `json:"__datetime__"`
- } `json:"krblastadminunlock"`
- Krbpasswordexpiration []struct {
- Datetime string `json:"__datetime__"`
- } `json:"krbpasswordexpiration"`
- Krblastfailedauth []struct {
- Datetime string `json:"__datetime__"`
- } `json:"krblastfailedauth"`
- Objectclass []string `json:"objectclass"`
- Gidnumber []string `json:"gidnumber"`
- Gecos []string `json:"gecos"`
- Sn []string `json:"sn"`
- MemberofSudorule []string `json:"memberof_sudorule"`
- Krblastpwdchange []struct {
- Datetime string `json:"__datetime__"`
- } `json:"krblastpwdchange"`
- Initials []string `json:"initials"`
- } `json:"result"`
- Value string `json:"value"`
- Summary interface{} `json:"summary"`
- } `json:"result"`
- Version string `json:"version"`
- Error interface{} `json:"error"`
- ID int `json:"id"`
- Principal string `json:"principal"`
- }
- func (h *handler) login(c echo.Context) error {
- username := c.FormValue("username")
- password := c.FormValue("password")
- _url := URL + "/ipa/session/login_password"
- method := "POST"
- params := url.Values{}
- params.Add("user", username)
- params.Add("password", password)
- payload := strings.NewReader(params.Encode())
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, _url, payload)
- audit("Recieved Login request from: " + RealIP)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
- req.Header.Add("Accept", "text/plain")
- res, err := client.Do(req)
- cockie := res.Cookies()
- token := cockie[0].Raw
- defer res.Body.Close()
- //fmt.Println(res.StatusCode)
- if res.StatusCode == 200 {
- user := getUserInfo(token, username)
- //fmt.Println(user.Result)
- tokens, err := generateTokenPair(user, token)
- if err != nil {
- return err
- }
- return c.JSON(http.StatusOK, tokens)
- }
- return echo.ErrUnauthorized
- }
- func getUserInfo(token string, username string) userInfo {
- fmt.Println("Checking for User: ", username)
- url := URL + "/ipa/session/json"
- method := "POST"
- _json := fmt.Sprintf(`
- {
- "method": "user_show",
- "params": [
- [
- "%s"
- ],
- {
- "all": true,
- "version": "2.215"
- }
- ],
- "id": 0
- }
- `, username)
- payload := strings.NewReader(_json)
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, url, payload)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "text/plain")
- req.Header.Add("Cookie", token)
- res, err := client.Do(req)
- defer res.Body.Close()
- body, err := ioutil.ReadAll(res.Body)
- user := userInfo{}
- json.Unmarshal(body, &user)
- return user
- }
- func (h *handler) private(c echo.Context) error {
- user := c.Get("user").(*jwt.Token)
- claims := user.Claims.(jwt.MapClaims)
- name := claims["name"].(string)
- return c.String(http.StatusOK, "Welcome "+name+"!")
- }
- func (h *handler) addUser(c echo.Context) error {
- type apiErr struct {
- Result interface{} `json:"result"`
- Error struct {
- Code int `json:"code"`
- Message string `json:"message"`
- Data struct {
- } `json:"data"`
- Name string `json:"name"`
- } `json:"error"`
- ID int `json:"id"`
- Principal string `json:"principal"`
- Version string `json:"version"`
- }
- type addUser struct {
- Result struct {
- Result struct {
- Displayname []string `json:"displayname"`
- UID []string `json:"uid"`
- Uidnumber []string `json:"uidnumber"`
- Objectclass []string `json:"objectclass"`
- Sn []string `json:"sn"`
- Telephonenumber []string `json:"telephonenumber"`
- Cn []string `json:"cn"`
- Krbpasswordexpiration []struct {
- Datetime string `json:"__datetime__"`
- } `json:"krbpasswordexpiration"`
- Mobile []string `json:"mobile"`
- Krbprincipalname []string `json:"krbprincipalname"`
- Ipauniqueid []string `json:"ipauniqueid"`
- Givenname []string `json:"givenname"`
- Gidnumber []string `json:"gidnumber"`
- Krbcanonicalname []string `json:"krbcanonicalname"`
- Mail []string `json:"mail"`
- Initials []string `json:"initials"`
- Homedirectory []string `json:"homedirectory"`
- Loginshell []string `json:"loginshell"`
- Gecos []string `json:"gecos"`
- Randompassword string `json:"randompassword"`
- HasPassword bool `json:"has_password"`
- HasKeytab bool `json:"has_keytab"`
- MemberofGroup []string `json:"memberof_group"`
- Dn string `json:"dn"`
- } `json:"result"`
- Value string `json:"value"`
- Summary string `json:"summary"`
- } `json:"result"`
- Error string `json:"error"`
- ID int `json:"id"`
- Principal string `json:"principal"`
- Version string `json:"version"`
- }
- user := c.Get("user").(*jwt.Token)
- claims := user.Claims.(jwt.MapClaims)
- _sha256 := sha256.Sum256([]byte(string(claims["name"].(string))))
- var hashChannel_ = make(chan []byte, 1)
- hashChannel_ <- _sha256[:]
- token := decrypt(<-hashChannel_, claims["IPAToken"].(string))
- b, err := json.Marshal(claims)
- if err != nil {
- fmt.Println("err:", err)
- }
- fmt.Println("AddUser Claims: ", claims)
- fmt.Println("AddUser token: ", token)
- username := c.FormValue("Username")
- sha256 := sha256.Sum256([]byte(username))
- var hashChannel = make(chan []byte, 1)
- hashChannel <- sha256[:]
- ciphertext := encrypt(<-hashChannel, string(b))
- fmt.Println("B: ", string(b))
- fmt.Println("Ciphere: ", ciphertext)
- sn := c.FormValue("Lname")
- cn := c.FormValue("FullName")
- givenname := c.FormValue("Fname")
- displayname := c.FormValue("displayname")
- krbpasswordexpiration := c.FormValue("krbpasswordexpiration")
- mail := c.FormValue("mail")
- telephonenumber := c.FormValue("telephonenumber")
- mobile := c.FormValue("mobile")
- _url := URL + "/ipa/session/json"
- method := "POST"
- _json := fmt.Sprintf(`
- {
- "id": 0,
- "method": "user_add/1",
- "params": [
- [
- "%s"
- ],
- {
- "givenname": "%s",
- "sn": "%s",
- "cn":"%s",
- "displayname":"%s",
- "loginshell":"/usr/sbin/nologin",
- "krbpasswordexpiration":"%s",
- "mail":"%s",
- "random":"true",
- "gidnumber":"599200001",
- "telephonenumber":"%s",
- "mobile":"%s",
- "version": "2.235"
- }
- ]
- }
- `, username, givenname, sn, cn, displayname, krbpasswordexpiration, mail, telephonenumber, mobile)
- __json := fmt.Sprintf(`
- {
- "id": 0,
- "method": "group_add_member/1",
- "params": [
- [
- "svcaccounts"
- ],
- {
- "user": [
- "%s"
- ],
- "version": "2.235"
- }
- ]
- }
- `, username)
- payload := strings.NewReader(_json)
- _payload := strings.NewReader(__json)
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, _url, payload)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "text/plain")
- req.Header.Add("Cookie", token)
- res, err := client.Do(req)
- _req, _ := http.NewRequest(method, _url, _payload)
- _req.Header.Add("Referer", URL+"/ipa")
- _req.Header.Add("Content-Type", "application/json")
- _req.Header.Add("Accept", "text/plain")
- _req.Header.Add("Cookie", token)
- client.Do(_req)
- defer res.Body.Close()
- body, err := ioutil.ReadAll(res.Body)
- result := addUser{}
- _err := json.Unmarshal(body, &result)
- // fmt.Println(result)
- if _err != nil {
- _apiErr := apiErr{}
- __err := json.Unmarshal(body, &_apiErr)
- if __err != nil {
- return c.String(http.StatusBadRequest, "Error of error!!")
- }
- res2B, _ := json.Marshal(_apiErr)
- return c.String(http.StatusBadRequest, string(res2B))
- }
- go sendMail("Welcome to ZiCloud\r\n Your temporary link is :\r\n https://zicloud.com/reset/"+url.QueryEscape(ciphertext), "Welcome to ZiCloud", mail)
- resp := _response{
- Origin: "addUser",
- Message: "Done, Reset Link was sent to " + mail,
- Code: 1000,
- }
- b, _ = json.MarshalIndent(resp, "", " ")
- return c.String(http.StatusOK, string(b))
- }
- func (h *handler) disableUser(c echo.Context) error {
- user := c.Get("user").(*jwt.Token)
- claims := user.Claims.(jwt.MapClaims)
- _sha256 := sha256.Sum256([]byte(string(claims["name"].(string))))
- var hashChannel_ = make(chan []byte, 1)
- hashChannel_ <- _sha256[:]
- token := decrypt(<-hashChannel_, claims["IPAToken"].(string))
- username := c.FormValue("Username")
- url := URL + "/ipa/session/json"
- method := "POST"
- _json := fmt.Sprintf(`
- {
- "id": 0,
- "method": "user_disable/1",
- "params": [
- [
- "%s"
- ],
- {
- "version": "2.235"
- }
- ]
- }
- `, username)
- payload := strings.NewReader(_json)
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, url, payload)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "text/plain")
- req.Header.Add("Cookie", token)
- res, err := client.Do(req)
- if err != nil {
- return c.String(http.StatusBadRequest, "Error"+err.Error())
- }
- defer res.Body.Close()
- resp := _response{
- Origin: "disableUser",
- Message: "Done",
- Code: 1000,
- }
- b, _ := json.MarshalIndent(resp, "", " ")
- return c.String(http.StatusOK, string(b))
- }
- func (h *handler) resetUser(c echo.Context) error {
- type keyJson struct {
- IPAToken string `json:"IPAToken"`
- Admin bool `json:"admin"`
- Exp int `json:"exp"`
- Memberof []string `json:"memberof"`
- Name string `json:"name"`
- Sub int `json:"sub"`
- }
- t := time.Now() //%Y%m%d%H%M%SZ
- t = t.Add(time.Hour * 24 * 60)
- username := c.FormValue("Username")
- password := c.FormValue("Password")
- key := c.FormValue("key")
- key, _ = url.QueryUnescape(key)
- _sha256 := sha256.Sum256([]byte(username))
- var hashChannel = make(chan []byte, 1)
- hashChannel <- _sha256[:]
- plainkey := decrypt(<-hashChannel, key)
- _plainkey := keyJson{}
- json.Unmarshal([]byte(plainkey), &_plainkey)
- _name := _plainkey.Name
- //_sha256 := sha256.Sum256([]byte(string("")))
- var hashChannel_ = make(chan []byte, 1)
- __sha256 := sha256.Sum256([]byte(_name))
- hashChannel_ <- __sha256[:]
- token := decrypt(<-hashChannel_, string(_plainkey.IPAToken))
- // token := _plainkey.IPAToken
- _url := URL + "/ipa/session/json"
- method := "POST"
- _json := fmt.Sprintf(`
- {
- "id": 0,
- "method": "user_mod/1",
- "params": [
- [
- "%s"
- ],
- {
- "userpassword":"%s",
- "version": "2.235"
- }
- ]
- }
- `, username, password)
- payload := strings.NewReader(_json)
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, _url, payload)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "text/plain")
- req.Header.Add("Cookie", token)
- res, err := client.Do(req)
- //fmt.Println(token)
- //fmt.Println(_json)
- //fmt.Println(req)
- //fmt.Println(res)
- _json = fmt.Sprintf(`
- {
- "id": 0,
- "method": "user_mod/1",
- "params": [
- [
- "%s"
- ],
- {
- "krbpasswordexpiration":"%s",
- "version": "2.235"
- }
- ]
- }
- `, username, t.Format("2006-01-02")+"Z")
- payload = strings.NewReader(_json)
- req, err = http.NewRequest(method, _url, payload)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "text/plain")
- req.Header.Add("Cookie", token)
- err = nil
- res, err = client.Do(req)
- //fmt.Println(token)
- //fmt.Println(_json)
- //fmt.Println(req)
- //fmt.Println(res)
- if err != nil {
- return c.String(http.StatusBadRequest, "Error"+err.Error())
- }
- defer res.Body.Close()
- resp := _response{
- Origin: "resetUser",
- Message: "Done",
- Code: 1000,
- }
- b, _ := json.MarshalIndent(resp, "", " ")
- return c.String(http.StatusOK, string(b))
- }
- func (h *handler) dnsrecordadd(c echo.Context) error {
- user := c.Get("user").(*jwt.Token)
- claims := user.Claims.(jwt.MapClaims)
- _sha256 := sha256.Sum256([]byte(string(claims["name"].(string))))
- var hashChannel_ = make(chan []byte, 1)
- hashChannel_ <- _sha256[:]
- token := decrypt(<-hashChannel_, claims["IPAToken"].(string))
- recordName := c.FormValue("recordName")
- record := c.FormValue("record")
- url := URL + "/ipa/session/json"
- method := "POST"
- _json := fmt.Sprintf(`
- {
- "id": 0,
- "method": "dnsrecord_add/1",
- "params": [
- [
- "ZI-TEL.COM",
- {
- "__dns_name__": "%s"
- }
- ],
- {
- "a_part_ip_address": "%s",
- "raw": true,
- "version": "2.235"
- }
- ]
- }
- `, recordName, record)
- payload := strings.NewReader(_json)
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, url, payload)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/json")
- req.Header.Add("Accept", "text/plain")
- req.Header.Add("Cookie", token)
- res, err := client.Do(req)
- if err != nil {
- return c.String(http.StatusBadRequest, "Error"+err.Error())
- }
- //body, err := ioutil.ReadAll(res.Body)
- //_res:=result{}
- //json.Unmarshal(body, &_res)
- //fmt.Println(_res)
- defer res.Body.Close()
- resp := _response{
- Origin: "dnsrecordadd",
- Message: "Done",
- Code: 1000,
- }
- b, _ := json.MarshalIndent(resp, "", " ")
- return c.String(http.StatusOK, string(b))
- }
- func (h *handler) token(c echo.Context) error {
- user := c.Get("user").(*jwt.Token)
- claims := user.Claims.(jwt.MapClaims)
- _sha256 := sha256.Sum256([]byte(string(claims["name"].(string))))
- var hashChannel_ = make(chan []byte, 1)
- hashChannel_ <- _sha256[:]
- token := decrypt(<-hashChannel_, claims["IPAToken"].(string))
- username := claims["name"].(string)
- _user := getUserInfo(token, username)
- //fmt.Println(user.Result)
- newtokens, err := generateTokenPair(_user, token)
- if err != nil {
- return err
- }
- return c.JSON(http.StatusOK, newtokens)
- }
- func (h *handler) verifyUser(c echo.Context) error {
- name := c.FormValue("Username")
- //fmt.Println("Name: ", name)
- if name == "" {
- return c.JSON(http.StatusNotFound, "User NOT Found")
- }
- username := "admin"
- password := "h?_QJp5^&9FNc9w="
- _url := URL + "/ipa/session/login_password"
- method := "POST"
- params := url.Values{}
- params.Add("user", username)
- params.Add("password", password)
- payload := strings.NewReader(params.Encode())
- tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
- }
- client := &http.Client{Transport: tr}
- req, err := http.NewRequest(method, _url, payload)
- audit("Recieved Login request from: " + RealIP)
- if err != nil {
- fmt.Println(err)
- }
- req.Header.Add("Referer", URL+"/ipa")
- req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
- req.Header.Add("Accept", "text/plain")
- res, err := client.Do(req)
- cockie := res.Cookies()
- token := cockie[0].Raw
- defer res.Body.Close()
- //fmt.Println(token)
- if res.StatusCode == 200 {
- user := getUserInfo(token, name)
- if user.Result.Value != name {
- resp := _response{
- Origin: "VerifyUser",
- Message: "User Not Found",
- Code: 1001,
- }
- b, _errr := json.MarshalIndent(resp, "", " ")
- if _errr != nil {
- fmt.Println(_errr)
- }
- fmt.Print(string(b))
- return c.JSON(http.StatusNotFound, string(b))
- }
- }
- resp := _response{
- Origin: "VerifyUser",
- Message: "User Found",
- Code: 1002,
- }
- b, _ := json.MarshalIndent(resp, "", " ")
- return c.JSON(http.StatusOK, string(b))
- }
|