2021-02-11 20:44:07 +01:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
|
"gopkg.in/yaml.v2"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type (
|
|
|
|
|
/* *
|
|
|
|
|
* CONFIGURATION DATA *
|
|
|
|
|
* */
|
|
|
|
|
|
|
|
|
|
// LDAP server configuration
|
2021-02-13 18:26:37 +01:00
|
|
|
ldapConfig struct {
|
|
|
|
|
Host string `yaml:"host"`
|
|
|
|
|
Port uint16 `yaml:"port"`
|
|
|
|
|
TLS string `yaml:"tls"`
|
|
|
|
|
TLSNoVerify bool `yaml:"tls_skip_verify"`
|
2021-02-11 20:44:07 +01:00
|
|
|
CaChain string `yaml:"cachain"`
|
|
|
|
|
BindUser string `yaml:"bind_user"`
|
|
|
|
|
BindPassword string `yaml:"bind_password"`
|
|
|
|
|
MemberFields []string `yaml:"member_fields"`
|
|
|
|
|
UsernameAttr string `yaml:"username_attribute"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Graylog server configuration
|
2021-02-13 18:26:37 +01:00
|
|
|
graylogConfig struct {
|
|
|
|
|
APIBase string `yaml:"api_base"`
|
2021-02-11 20:44:07 +01:00
|
|
|
Username string
|
|
|
|
|
Password string
|
|
|
|
|
DeleteAccounts bool `yaml:"delete_accounts"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// A Graylog object on which privileges are defined
|
2021-02-13 18:26:37 +01:00
|
|
|
graylogObject struct {
|
|
|
|
|
Type string `yaml:"type"`
|
|
|
|
|
ID string `yaml:"id"`
|
|
|
|
|
Level string `yaml:"level"`
|
2021-02-11 20:44:07 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// A mapping from a LDAP group to a set of privileges
|
2021-02-13 18:26:37 +01:00
|
|
|
groupPrivileges struct {
|
2021-02-11 20:44:07 +01:00
|
|
|
Roles []string
|
2021-02-13 18:26:37 +01:00
|
|
|
Privileges []graylogObject
|
2021-02-11 20:44:07 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// All group mappings
|
2021-02-13 18:26:37 +01:00
|
|
|
groupMapping map[string]groupPrivileges
|
2021-02-11 20:44:07 +01:00
|
|
|
|
|
|
|
|
// The whole configuration
|
2021-02-13 18:26:37 +01:00
|
|
|
configuration struct {
|
|
|
|
|
LDAP ldapConfig
|
|
|
|
|
Graylog graylogConfig
|
|
|
|
|
Mapping groupMapping
|
2021-02-11 20:44:07 +01:00
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Check group/privilege mapping configuration
|
2021-02-13 18:26:37 +01:00
|
|
|
func checkPrivMapping(cfg groupMapping, log *logrus.Entry) {
|
2021-02-11 20:44:07 +01:00
|
|
|
for group, info := range cfg {
|
|
|
|
|
log := log.WithField("group", group)
|
|
|
|
|
for index, priv := range info.Privileges {
|
|
|
|
|
log := log.WithField("entry", index)
|
|
|
|
|
if !graylogItems[priv.Type] {
|
|
|
|
|
log.WithField("item", priv.Type).
|
|
|
|
|
Fatal("Invalid Graylog item")
|
|
|
|
|
}
|
|
|
|
|
if _, ok := privLevels[priv.Level]; !ok {
|
|
|
|
|
log.WithField("level", priv.Level).
|
|
|
|
|
Fatal("Invalid privilege level")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Load and check the configuration file
|
2021-02-13 18:26:37 +01:00
|
|
|
func loadConfiguration(flags cliFlags) (cfg configuration) {
|
2021-02-11 20:44:07 +01:00
|
|
|
log := log.WithField("config", flags.cfgFile)
|
|
|
|
|
log.Trace("Loading configuration")
|
|
|
|
|
cfgData, err := ioutil.ReadFile(flags.cfgFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.WithField("error", err).Fatal("Could not load configuration")
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-13 18:26:37 +01:00
|
|
|
cfg = configuration{
|
|
|
|
|
LDAP: ldapConfig{
|
2021-02-11 20:44:07 +01:00
|
|
|
Port: 389,
|
2021-02-13 18:26:37 +01:00
|
|
|
TLS: "no",
|
2021-02-11 20:44:07 +01:00
|
|
|
},
|
|
|
|
|
}
|
2021-02-13 18:26:37 +01:00
|
|
|
err = yaml.Unmarshal(cfgData, &cfg)
|
2021-02-11 20:44:07 +01:00
|
|
|
if err != nil {
|
|
|
|
|
log.WithField("error", err).Fatal("Could not parse configuration")
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-13 18:26:37 +01:00
|
|
|
checkPrivMapping(cfg.Mapping, log)
|
2021-02-11 20:44:07 +01:00
|
|
|
return
|
|
|
|
|
}
|
