Example #1
0
        public static LdapConnection BuildConnection(OpenVPNConfig config)
        {
            var resultCollection   = new ConcurrentBag <LdapConnection>();
            ParallelLoopResult res = Parallel.ForEach(config.DomainControllers, (dcServer, state) =>
            {
                LdapConnection connection = new LdapConnection();
                //add ssl options
                if (config.EnableSSL)
                {
                    connection.SecureSocketLayer = true;
                    connection.UserDefinedServerCertValidationDelegate += new CertificateValidationCallback(CustomSSLHandler);
                }
                try
                {
                    //try to bind connection with credentials
                    connection.Connect(dcServer, config.DomainControllerPort);
                    connection.Bind(config.DomainUsername, config.Password);
                    if (connection.Connected)
                    {
                        resultCollection.Add(connection);
                        state.Stop();
                    }
                }
                catch (LdapException)
                {
                    //cannot connect to the server. It would be processed later.
                }
            });

            LdapConnection usedConnection;

            resultCollection.TryTake(out usedConnection);
            //disconnect other
            LdapConnection c;

            while (resultCollection.TryTake(out c))
            {
                c.Disconnect();
            }
            if (usedConnection != null)
            {
                return(usedConnection);
            }
            else
            {
                throw new System.Exception("Error: Cannot bind connection to LDAP");
            }
        }
Example #2
0
        public static int Main(string[] args)
        {
            string        username = Environment.GetEnvironmentVariable("username");
            string        password = Environment.GetEnvironmentVariable("password");
            OpenVPNConfig config;

            if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
            {
                Console.WriteLine("Auth failed. Reason: environment variables username or password undefined.");
                System.Environment.Exit(1);
            }

            /*for testing
             * string username = @"domain\testusername";
             * string password = "******";
             */


            try
            {
                config = new OpenVPNConfig(ConfigurationManager.AppSettings["domain"], ConfigurationManager.AppSettings["accessGroups"], ConfigurationManager.AppSettings["deniedGroups"],
                                           ConfigurationManager.AppSettings["domainControllers"], ConfigurationManager.AppSettings["domainControllerPort"],
                                           ConfigurationManager.AppSettings["enableSSL"], username, password);
            }catch
            {
                Console.WriteLine("Auth failed. Reason: something wrong in the configuration file");
                return(1);
            }


            try
            {
                //create connection to Ldap
                LdapConnection connection = BuildConnection(config);
                //connection succeed, login and password are correct and testing rejectGroup membership
                if (config.DeniedGroups.Length != 0)
                {
                    //rejectGroup is not null. Testing
                    if (isUserInGroups(config.Username, connection, config.DomainDC, config.DeniedGroups))
                    {
                        //user was found in rejectGroup
                        //AUTH FAILED. EXIT
                        connection.Disconnect();
                        Console.WriteLine("Auth failed for: '{0}'. Reason: user was found in the reject group.", config.Username);
                        return(1);
                    }
                }
                if (config.AccessGroups.Length != 0)
                {
                    //permitGroup is not null. Testing
                    if (isUserInGroups(config.Username, connection, config.DomainDC, config.AccessGroups))
                    {
                        //user was found in permit Group
                        //AUTH PASSED
                        connection.Disconnect();
                        Console.WriteLine("Auth success for: '{0}'.", config.Username);
                        return(0);
                    }
                    else
                    {
                        //user wasn't found in permitGroup
                        //AUTH FAILED. EXIT
                        connection.Disconnect();
                        Console.WriteLine("Auth failed for: '{0}'. Reason: user wasn't found in the permit group.", config.Username);
                        return(1);
                    }
                }
                connection.Disconnect();
                //All tests passed.
                //AUTH PASS. SUCCESS.
                Console.WriteLine("Auth success for: '{0}'.", config.Username);
                return(0);
            }
            catch
            {
                Console.WriteLine("Auth failed for: '{0}'", config.Username);
                return(1);
            }
        }