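/// <summary>
/// Opens an LDAP connection to the first configured domain controller that
/// accepts a simple bind with the configured credentials.
/// </summary>
/// <param name="config">Domain controllers, port, SSL flag and the bind DN / password.</param>
/// <returns>A connected, bound <see cref="LdapConnection"/>; the caller owns it and must Disconnect().</returns>
/// <exception cref="ArgumentException">The configured password is null or empty.</exception>
/// <exception cref="InvalidOperationException">No domain controller accepted the bind.</exception>
public static LdapConnection BuildConnection(OpenVPNConfig config)
{
    // Defence in depth: an LDAP simple bind with a DN and an EMPTY password is an
    // "unauthenticated bind" that many directory servers (Active Directory among
    // them) accept as anonymous, so it would look like a successful login for any
    // account.  Main() filters empty passwords already, but this method is public
    // and must not rely on every caller doing the same.
    if (String.IsNullOrEmpty(config.Password))
    {
        throw new ArgumentException("Error: Cannot bind connection to LDAP with an empty password", "config");
    }

    var bound = new ConcurrentBag<LdapConnection>();

    // Try every configured domain controller concurrently; the first one that
    // accepts the bind wins and stops the loop.  Iterations already in flight can
    // still add a connection after Stop(), so the bag may end up with several.
    Parallel.ForEach(config.DomainControllers, (dcServer, state) =>
    {
        var candidate = new LdapConnection();

        if (config.EnableSSL)
        {
            candidate.SecureSocketLayer = true;
            // NOTE(review): CustomSSLHandler is defined elsewhere in this file and is
            // not visible here.  If it accepts every certificate, EnableSSL only
            // encrypts the session and does NOT authenticate the server, so a
            // man-in-the-middle could harvest the simple-bind password.  Confirm it
            // validates the chain and the host name.
            candidate.UserDefinedServerCertValidationDelegate += new CertificateValidationCallback(CustomSSLHandler);
        }

        bool kept = false;
        try
        {
            candidate.Connect(dcServer, config.DomainControllerPort);
            // Simple bind: the password travels in clear text unless EnableSSL is set.
            candidate.Bind(config.DomainUsername, config.Password);
            if (candidate.Connected)
            {
                bound.Add(candidate);
                kept = true;
                state.Stop();
            }
        }
        catch (LdapException)
        {
            // This DC is unreachable or rejected the bind; another DC may still
            // succeed.  If none does, the InvalidOperationException below is thrown.
        }
        finally
        {
            // A socket opened by Connect() before Bind() failed (or a connection
            // that ended up not Connected) was leaked by the original; release it.
            if (!kept)
            {
                SafeDisconnect(candidate);
            }
        }
    });

    LdapConnection usedConnection;
    bound.TryTake(out usedConnection);

    // Release any surplus connections opened by iterations that raced the Stop().
    LdapConnection surplus;
    while (bound.TryTake(out surplus))
    {
        SafeDisconnect(surplus);
    }

    if (usedConnection == null)
    {
        throw new InvalidOperationException("Error: Cannot bind connection to LDAP");
    }

    return usedConnection;
}

/// <summary>
/// Best-effort Disconnect() for cleanup paths.  The connection may never have been
/// opened, or its socket may already be dead; a failure here must not mask the
/// error that triggered the cleanup.
/// </summary>
private static void SafeDisconnect(LdapConnection connection)
{
    try
    {
        connection.Disconnect();
    }
    catch (Exception)
    {
        // Ignored on purpose: nothing useful can be done with a failed cleanup.
    }
}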
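/// <summary>
/// OpenVPN authentication hook.  Reads the client's username and password from the
/// environment (presumably populated by OpenVPN's auth-user-pass-verify in via-env
/// mode), binds to LDAP with them, then applies the configured group policy:
/// deny-group membership always loses, permit-group membership is required only
/// when a permit group is configured.  With neither group configured, any account
/// that can bind is accepted.
/// </summary>
/// <param name="args">Unused; OpenVPN passes credentials via the environment.</param>
/// <returns>0 when authentication succeeds, 1 otherwise (OpenVPN reads the exit code).</returns>
public static int Main(string[] args)
{
    // Both values are client-supplied and therefore untrusted.
    string username = Environment.GetEnvironmentVariable("username");
    string password = Environment.GetEnvironmentVariable("password");

    if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
    {
        // An empty password must never reach the LDAP bind: a simple bind with a DN
        // and no password is treated as anonymous by many servers (e.g. Active
        // Directory) and would "succeed" for any account.
        Console.WriteLine("Auth failed. Reason: environment variables username or password undefined.");
        return 1;
    }

    OpenVPNConfig config;
    try
    {
        config = new OpenVPNConfig(
            ConfigurationManager.AppSettings["domain"],
            ConfigurationManager.AppSettings["accessGroups"],
            ConfigurationManager.AppSettings["deniedGroups"],
            ConfigurationManager.AppSettings["domainControllers"],
            ConfigurationManager.AppSettings["domainControllerPort"],
            ConfigurationManager.AppSettings["enableSSL"],
            username,
            password);
    }
    catch (Exception ex)
    {
        Console.WriteLine("Auth failed. Reason: something wrong in the configuration file");
        // Detail goes to stderr so operators can diagnose without the client seeing it.
        Console.Error.WriteLine("Detail: {0}", ex.Message);
        return 1;
    }

    // Username as shown in log lines: control characters are neutralised so a
    // crafted name cannot forge extra "Auth success" lines in the OpenVPN log.
    string logName = SanitizeForLog(config.Username);

    LdapConnection connection = null;
    try
    {
        // A successful bind proves the credentials; the group checks below decide
        // whether that account is allowed on the VPN.
        connection = BuildConnection(config);

        // Deny list is evaluated first so that a user in both lists is rejected.
        if (config.DeniedGroups.Length != 0 &&
            isUserInGroups(config.Username, connection, config.DomainDC, config.DeniedGroups))
        {
            Console.WriteLine("Auth failed for: '{0}'. Reason: user was found in the reject group.", logName);
            return 1;
        }

        if (config.AccessGroups.Length != 0 &&
            !isUserInGroups(config.Username, connection, config.DomainDC, config.AccessGroups))
        {
            Console.WriteLine("Auth failed for: '{0}'. Reason: user wasn't found in the permit group.", logName);
            return 1;
        }

        // Either no permit group is configured, or the user is a member of one.
        Console.WriteLine("Auth success for: '{0}'.", logName);
        return 0;
    }
    catch (Exception ex)
    {
        // Bind failure, unreachable directory, or a failed group lookup: fail closed.
        Console.WriteLine("Auth failed for: '{0}'", logName);
        Console.Error.WriteLine("Detail: {0}", ex.Message);
        return 1;
    }
    finally
    {
        // The original left the connection open on exception paths; always release it.
        if (connection != null)
        {
            try
            {
                connection.Disconnect();
            }
            catch (Exception)
            {
                // Best-effort cleanup; the auth decision has already been made.
            }
        }
    }
}

/// <summary>
/// Replaces ASCII control characters (CR, LF, ...) in a client-supplied name with
/// '?' so it can be echoed into a log line without line-breaking it.
/// </summary>
private static string SanitizeForLog(string value)
{
    if (value == null)
    {
        return String.Empty;
    }

    char[] chars = value.ToCharArray();
    for (int i = 0; i < chars.Length; i++)
    {
        if (chars[i] < ' ')
        {
            chars[i] = '?';
        }
    }
    return new string(chars);
}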