From d6eef43f01703b8fe2cef19c7a63e0d328cd471f Mon Sep 17 00:00:00 2001
From: Ameya Purao
Date: Thu, 19 Feb 2026 15:30:26 -0600
Subject: [PATCH 1/2] added some service checks
---
check/check_kerberos.go | 231 ++++++++++++++++++++++++++++++++
check/check_ldap.go | 285 ++++++++++++++++++++++++++++++++++++++++
check/check_smb.go | 140 ++++++++++++++++++++
check/check_ssh.go | 126 ++++++++++++++++++
check/main.go | 30 +++++
cmd/check.go | 23 ++++
go.mod | 22 +++-
go.sum | 78 +++++++++++
8 files changed, 930 insertions(+), 5 deletions(-)
create mode 100644 check/check_kerberos.go
create mode 100644 check/check_ldap.go
create mode 100644 check/check_smb.go
create mode 100644 check/check_ssh.go
create mode 100644 check/main.go
create mode 100644 cmd/check.go
diff --git a/check/check_kerberos.go b/check/check_kerberos.go
new file mode 100644
index 0000000..b6e9dfb
--- /dev/null
+++ b/check/check_kerberos.go
@@ -0,0 +1,231 @@
+package check
+
+import (
+ "encoding/csv"
+ "fmt"
+ "os"
+ "strings"
+ "time"
+
+ "github.com/charmbracelet/log"
+ "github.com/jcmturner/gokrb5/v8/client"
+ "github.com/jcmturner/gokrb5/v8/config"
+ "github.com/jcmturner/gokrb5/v8/credentials"
+ "github.com/spf13/cobra"
+)
+
+var kerberosCheckCmd = &cobra.Command{
+ Use: "kerberos",
+ Short: "Check Kerberos KDC connectivity and authentication",
+ Long: `Verify Kerberos Key Distribution Center (KDC) is accessible and
+credentials are valid. Obtains a Ticket Granting Ticket (TGT) to verify authentication.`,
+ Run: func(cmd *cobra.Command, args []string) {
+ kdc, _ := cmd.Flags().GetString("kdc")
+ realm, _ := cmd.Flags().GetString("realm")
+ fqdn, _ := cmd.Flags().GetString("fqdn")
+ username, _ := cmd.Flags().GetString("username")
+ password, _ := cmd.Flags().GetString("password")
+ csvFile, _ := cmd.Flags().GetString("csv")
+ timeout, _ := cmd.Flags().GetInt("timeout")
+
+ // If CSV file is provided, batch check
+ if csvFile != "" {
+ results, err := checkKerberosBatch(kdc, realm, fqdn, csvFile, timeout)
+ if err != nil {
+ log.Error("Kerberos batch check failed", "error", err)
+ os.Exit(1)
+ }
+
+ // Print results
+ fmt.Printf("\n=== Kerberos Batch Check Results ===\n")
+ fmt.Printf("Total: %d | Valid: %d | Invalid: %d\n\n",
+ results.Total, results.Valid, results.Invalid)
+
+ if len(results.ValidCreds) > 0 {
+ fmt.Println("✓ Valid credentials:")
+ for _, cred := range results.ValidCreds {
+ fmt.Printf(" • %s\n", cred)
+ }
+ }
+
+ if len(results.InvalidCreds) > 0 {
+ fmt.Println("\n✗ Invalid credentials:")
+ for _, cred := range results.InvalidCreds {
+ fmt.Printf(" • %s\n", cred)
+ }
+ }
+
+ if results.Invalid > 0 {
+ os.Exit(2)
+ }
+ os.Exit(0)
+ }
+
+ // Single credential check
+ if username == "" || password == "" {
+ log.Error("Either provide --username and --password, or use --csv for batch checking")
+ os.Exit(1)
+ }
+
+ if err := checkKerberos(kdc, realm, fqdn, username, password, timeout); err != nil {
+ log.Error("Kerberos check failed", "error", err)
+ os.Exit(2)
+ }
+ fmt.Println("✓ Kerberos check passed")
+ os.Exit(0)
+ },
+}
+
+func setupKerberosCheckCmd(cmd *cobra.Command) {
+ kerberosCheckCmd.Flags().StringP("kdc", "k", "", "KDC server address (IP or hostname)")
+ kerberosCheckCmd.Flags().StringP("realm", "r", "", "Kerberos realm (e.g., EXAMPLE.COM)")
+ kerberosCheckCmd.Flags().StringP("fqdn", "f", "", "Fully qualified domain name of the KDC")
+ kerberosCheckCmd.Flags().StringP("username", "u", "", "Username for authentication (not used with --csv)")
+ kerberosCheckCmd.Flags().StringP("password", "p", "", "Password for authentication (not used with --csv)")
+ kerberosCheckCmd.Flags().StringP("csv", "c", "", "CSV file with username,password pairs for batch checking")
+ kerberosCheckCmd.Flags().IntP("timeout", "t", 10, "Connection timeout in seconds")
+
+ kerberosCheckCmd.MarkFlagRequired("kdc")
+ kerberosCheckCmd.MarkFlagRequired("realm")
+ kerberosCheckCmd.MarkFlagRequired("fqdn")
+
+ cmd.AddCommand(kerberosCheckCmd)
+}
+
+func checkKerberos(kdc, realm, fqdn, username, password string, timeoutSec int) error {
+ fmt.Printf("Connecting to Kerberos KDC at %s (realm: %s)...\n", kdc, realm)
+
+ // Ensure KDC has port specified (default to 88)
+ kdcAddress := kdc
+ if !contains(kdcAddress, ":") {
+ kdcAddress = fmt.Sprintf("%s:88", kdc)
+ }
+
+ // Create a minimal Kerberos configuration using IP:port to avoid DNS lookups
+ krb5conf := `[libdefaults]
+ default_realm = %s
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ forwardable = yes
+ udp_preference_limit = 1
+
+[realms]
+ %s = {
+ kdc = %s
+ admin_server = %s
+ }
+
+[domain_realm]
+ .%s = %s
+ %s = %s
+`
+ confString := fmt.Sprintf(krb5conf, realm, realm, kdcAddress, kdcAddress, fqdn, realm, fqdn, realm)
+
+ // Parse the configuration
+ cfg, err := config.NewFromString(confString)
+ if err != nil {
+ return fmt.Errorf("failed to create Kerberos config: %w", err)
+ }
+
+ // Create a client with username and password
+ cl := client.NewWithPassword(username, realm, password, cfg, client.DisablePAFXFAST(true))
+
+ // Login to obtain TGT
+ done := make(chan error, 1)
+ go func() {
+ done <- cl.Login()
+ }()
+
+ select {
+ case err := <-done:
+ if err != nil {
+ return fmt.Errorf("authentication failed: %w", err)
+ }
+ case <-time.After(time.Duration(timeoutSec) * time.Second):
+ return fmt.Errorf("connection timeout after %d seconds", timeoutSec)
+ }
+
+ fmt.Println("✓ Connection established")
+ fmt.Printf("✓ Authentication successful (obtained TGT for %s@%s)\n", username, realm)
+
+ // Verify we have credentials by checking IsConfigured (returns bool and error)
+ configured, err := cl.IsConfigured()
+ if err != nil {
+ return fmt.Errorf("failed to verify client configuration: %w", err)
+ }
+ if !configured {
+ return fmt.Errorf("client not properly configured after login")
+ }
+
+ // Try to get the credentials to verify they exist
+ creds := credentials.New(username, realm)
+ if creds == nil {
+ return fmt.Errorf("failed to verify credentials")
+ }
+
+ fmt.Println("✓ Ticket verification successful")
+
+ // Destroy the session
+ cl.Destroy()
+
+ return nil
+}
+
+// contains checks if a string contains a substring
+func contains(s, substr string) bool {
+ return strings.Contains(s, substr)
+}
+
+// checkKerberosBatch checks multiple username/password pairs from a CSV file
+func checkKerberosBatch(kdc, realm, fqdn, csvFile string, timeoutSec int) (*BatchCheckResult, error) {
+ // Read CSV file
+ file, err := os.Open(csvFile)
+ if err != nil {
+ return nil, fmt.Errorf("failed to open CSV file: %w", err)
+ }
+ defer file.Close()
+
+ reader := csv.NewReader(file)
+ records, err := reader.ReadAll()
+ if err != nil {
+ return nil, fmt.Errorf("failed to read CSV file: %w", err)
+ }
+
+ if len(records) == 0 {
+ return nil, fmt.Errorf("CSV file is empty")
+ }
+
+ results := &BatchCheckResult{
+ ValidCreds: []string{},
+ InvalidCreds: []string{},
+ }
+
+ fmt.Printf("Checking %d credential(s) from %s...\n\n", len(records), csvFile)
+
+ for i, record := range records {
+ if len(record) < 2 {
+ fmt.Printf("[%d/%d] ✗ Skipping invalid CSV row (need username,password)\n", i+1, len(records))
+ continue
+ }
+
+ username := record[0]
+ password := record[1]
+ results.Total++
+
+ fmt.Printf("[%d/%d] Testing %s... ", i+1, len(records), username)
+
+ err := checkKerberos(kdc, realm, fqdn, username, password, timeoutSec)
+ if err != nil {
+ fmt.Println("✗ INVALID")
+ results.Invalid++
+ results.InvalidCreds = append(results.InvalidCreds, username)
+ } else {
+ fmt.Println("✓ VALID")
+ results.Valid++
+ results.ValidCreds = append(results.ValidCreds, username)
+ }
+ }
+
+ return results, nil
+}
diff --git a/check/check_ldap.go b/check/check_ldap.go
new file mode 100644
index 0000000..ba04c09
--- /dev/null
+++ b/check/check_ldap.go
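Review bot: The `--password`/`-p` flag registered in setupKerberosCheckCmd puts the secret on the command line, where other local users can read it from the process list and the shell keeps it in history; check_ldap.go, check_smb.go and check_ssh.go register the same flag. Falling back to an environment variable or an interactive prompt when the flag is empty would avoid that, and the flag help should at least say `"Password for authentication (visible in the process list; not used with --csv)"`. In checkKerberos, `credentials.New(username, realm)` constructs a new object rather than reading anything from `cl`, so the `creds == nil` test looks unable to fail and "Ticket verification successful" claims more than was checked. checkKerberosBatch also counts every error from checkKerberos, including the timeout branch, as an invalid credential, so an unreachable KDC is reported as a list of bad passwords; the timeout branch additionally returns without `cl.Destroy()` while the Login goroutine is still running.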
@@ -0,0 +1,285 @@
+package check
+
+import (
+ "crypto/tls"
+ "encoding/csv"
+ "fmt"
+ "os"
+ "time"
+
+ "github.com/charmbracelet/log"
+ "github.com/go-ldap/ldap/v3"
+ "github.com/spf13/cobra"
+)
+
+var ldapCheckCmd = &cobra.Command{
+ Use: "ldap",
+ Short: "Check LDAP server connectivity and authentication",
+ Long: `Verify LDAP server is accessible and credentials are valid.
+Performs a simple bind operation and optionally searches the directory.`,
+ Run: func(cmd *cobra.Command, args []string) {
+ server, _ := cmd.Flags().GetString("server")
+ username, _ := cmd.Flags().GetString("username")
+ password, _ := cmd.Flags().GetString("password")
+ csvFile, _ := cmd.Flags().GetString("csv")
+ useTLS, _ := cmd.Flags().GetBool("tls")
+ timeout, _ := cmd.Flags().GetInt("timeout")
+
+ // If CSV file is provided, batch check
+ if csvFile != "" {
+ results, err := checkLDAPBatch(server, csvFile, useTLS, timeout)
+ if err != nil {
+ log.Error("LDAP batch check failed", "error", err)
+ os.Exit(1)
+ }
+
+ // Print results
+ fmt.Printf("\n=== LDAP Batch Check Results ===\n")
+ fmt.Printf("Total: %d | Valid: %d | Invalid: %d\n\n",
+ results.Total, results.Valid, results.Invalid)
+
+ if len(results.ValidCreds) > 0 {
+ fmt.Println("✓ Valid credentials:")
+ for _, cred := range results.ValidCreds {
+ fmt.Printf(" • %s\n", cred)
+ }
+ }
+
+ if len(results.InvalidCreds) > 0 {
+ fmt.Println("\n✗ Invalid credentials:")
+ for _, cred := range results.InvalidCreds {
+ fmt.Printf(" • %s\n", cred)
+ }
+ }
+
+ if results.Invalid > 0 {
+ os.Exit(2)
+ }
+ os.Exit(0)
+ }
+
+ // Single credential check
+ if username == "" || password == "" {
+ log.Error("Either provide --username and --password, or use --csv for batch checking")
+ os.Exit(1)
+ }
+
+ if err := checkLDAP(server, username, password, useTLS, timeout); err != nil {
+ log.Error("LDAP check failed", "error", err)
+ os.Exit(2)
+ }
+ fmt.Println("✓ LDAP check passed")
+ os.Exit(0)
+ },
+}
+
+func setupLdapCheckCmd(cmd *cobra.Command) {
+ ldapCheckCmd.Flags().StringP("server", "s", "", "LDAP server address (IP or hostname)")
+ ldapCheckCmd.Flags().StringP("username", "u", "", "Username for authentication (not used with --csv)")
+ ldapCheckCmd.Flags().StringP("password", "p", "", "Password for authentication (not used with --csv)")
+ ldapCheckCmd.Flags().StringP("csv", "f", "", "CSV file with username,password pairs for batch checking")
+ ldapCheckCmd.Flags().Bool("tls", false, "Use StartTLS to upgrade connection to TLS")
+ ldapCheckCmd.Flags().IntP("timeout", "t", 10, "Connection timeout in seconds")
+
+ ldapCheckCmd.MarkFlagRequired("server")
+
+ cmd.AddCommand(ldapCheckCmd)
+}
+
+func checkLDAP(server, username, password string, useTLS bool, timeoutSec int) error {
+ // Always connect on port 389 initially
+ port := "389"
+ address := fmt.Sprintf("%s:%s", server, port)
+
+ if useTLS {
+ fmt.Printf("Connecting to ldap://%s (will upgrade to TLS via StartTLS)...\n", address)
+ } else {
+ fmt.Printf("Connecting to ldap://%s...\n", address)
+ }
+
+ // Set dial timeout
+ ldap.DefaultTimeout = time.Duration(timeoutSec) * time.Second
+
+ // Connect to LDAP server
+ conn, err := ldap.Dial("tcp", address)
+ if err != nil {
+ return fmt.Errorf("failed to connect: %w", err)
+ }
+ defer conn.Close()
+
+ fmt.Println("✓ Connection established")
+
+ // If TLS is requested, upgrade the connection using StartTLS
+ if useTLS {
+ // Configure TLS to skip certificate verification for service checks
+ // In production environments, proper certificate validation should be used
+ tlsConfig := &tls.Config{
+ InsecureSkipVerify: true,
+ }
+
+ err = conn.StartTLS(tlsConfig)
+ if err != nil {
+ return fmt.Errorf("failed to start TLS: %w", err)
+ }
+ fmt.Println("✓ TLS negotiation successful")
+ }
+
+ // First, try to discover the domain name from RootDSE
+ var domain string
+ searchRequest := ldap.NewSearchRequest(
+ "",
+ ldap.ScopeBaseObject,
+ ldap.NeverDerefAliases,
+ 0,
+ timeoutSec,
+ false,
+ "(objectClass=*)",
+ []string{"defaultNamingContext", "rootDomainNamingContext"},
+ nil,
+ )
+
+ sr, err := conn.Search(searchRequest)
+ if err == nil && len(sr.Entries) > 0 {
+ entry := sr.Entries[0]
+ if defaultNC := entry.GetAttributeValue("defaultNamingContext"); defaultNC != "" {
+ // Extract domain from DC components (e.g., DC=office,DC=local -> office.local)
+ domain = ldapDNToDomain(defaultNC)
+ }
+ }
+
+ // Attempt to bind (authenticate)
+ // Try various formats for Active Directory and standard LDAP
+ bindDNs := []string{
+ username, // Simple username
+ }
+
+ // If we discovered a domain, try Active Directory formats
+ if domain != "" {
+ bindDNs = append([]string{
+ fmt.Sprintf("%s@%s", username, domain), // UserPrincipalName format (user@domain.com)
+ fmt.Sprintf("%s\\%s", domain[:len(domain)-len(".local")], username), // DOMAIN\user format (for .local domains)
+ }, bindDNs...)
+ }
+
+ // Add traditional LDAP DN formats
+ bindDNs = append(bindDNs,
+ fmt.Sprintf("cn=%s", username),
+ fmt.Sprintf("uid=%s", username),
+ )
+
+ var bindErr error
+ for _, bindDN := range bindDNs {
+ bindErr = conn.Bind(bindDN, password)
+ if bindErr == nil {
+ fmt.Printf("✓ Authentication successful (bind DN: %s)\n", bindDN)
+
+ // Perform a simple search to verify the connection is fully functional
+ verifyRequest := ldap.NewSearchRequest(
+ "",
+ ldap.ScopeBaseObject,
+ ldap.NeverDerefAliases,
+ 0,
+ timeoutSec,
+ false,
+ "(objectClass=*)",
+ []string{"namingContexts"},
+ nil,
+ )
+
+ verifyResult, err := conn.Search(verifyRequest)
+ if err != nil {
+ return fmt.Errorf("bind succeeded but search failed: %w", err)
+ }
+
+ if len(verifyResult.Entries) > 0 {
+ fmt.Println("✓ Directory search successful")
+ }
+ return nil
+ }
+ }
+
+ return fmt.Errorf("authentication failed: %w", bindErr)
+}
+
+// ldapDNToDomain converts an LDAP DN like "DC=office,DC=local" to "office.local"
+func ldapDNToDomain(dn string) string {
+ parts, err := ldap.ParseDN(dn)
+ if err != nil || parts == nil {
+ return ""
+ }
+
+ var domainParts []string
+ for _, rdn := range parts.RDNs {
+ for _, attr := range rdn.Attributes {
+ if attr.Type == "DC" {
+ domainParts = append(domainParts, attr.Value)
+ }
+ }
+ }
+
+ if len(domainParts) == 0 {
+ return ""
+ }
+
+ domain := ""
+ for _, part := range domainParts {
+ if domain != "" {
+ domain += "."
+ }
+ domain += part
+ }
+ return domain
+}
+
+// checkLDAPBatch checks multiple username/password pairs from a CSV file
+func checkLDAPBatch(server, csvFile string, useTLS bool, timeoutSec int) (*BatchCheckResult, error) {
+ // Read CSV file
+ file, err := os.Open(csvFile)
+ if err != nil {
+ return nil, fmt.Errorf("failed to open CSV file: %w", err)
+ }
+ defer file.Close()
+
+ reader := csv.NewReader(file)
+ records, err := reader.ReadAll()
+ if err != nil {
+ return nil, fmt.Errorf("failed to read CSV file: %w", err)
+ }
+
+ if len(records) == 0 {
+ return nil, fmt.Errorf("CSV file is empty")
+ }
+
+ results := &BatchCheckResult{
+ ValidCreds: []string{},
+ InvalidCreds: []string{},
+ }
+
+ fmt.Printf("Checking %d credential(s) from %s...\n\n", len(records), csvFile)
+
+ for i, record := range records {
+ if len(record) < 2 {
+ fmt.Printf("[%d/%d] ✗ Skipping invalid CSV row (need username,password)\n", i+1, len(records))
+ continue
+ }
+
+ username := record[0]
+ password := record[1]
+ results.Total++
+
+ fmt.Printf("[%d/%d] Testing %s... ", i+1, len(records), username)
+
+ err := checkLDAP(server, username, password, useTLS, timeoutSec)
+ if err != nil {
+ fmt.Println("✗ INVALID")
+ results.Invalid++
+ results.InvalidCreds = append(results.InvalidCreds, username)
+ } else {
+ fmt.Println("✓ VALID")
+ results.Valid++
+ results.ValidCreds = append(results.ValidCreds, username)
+ }
+ }
+
+ return results, nil
+}
diff --git a/check/check_smb.go b/check/check_smb.go
new file mode 100644
index 0000000..0738aa8
--- /dev/null
+++ b/check/check_smb.go
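Review bot: In checkLDAP the expression `domain[:len(domain)-len(".local")]` cuts a fixed six bytes off whatever domain was discovered, so a domain shorter than six characters makes the slice bound negative and panics, and any domain that does not end in `.local` is truncated to a wrong name that is then sent in a bind that will fail. `strings.TrimSuffix(domain, ".local")` (with `strings` added to the imports) keeps the intended `.local` behaviour without the panic. Each credential can cost up to five bind attempts through the `bindDNs` loop, and where the directory enforces a lockout policy every failed attempt may count against the account, so letting the caller choose one bind format would be safer for batch runs. The StartTLS branch sets `InsecureSkipVerify: true` unconditionally, and without `--tls` the simple bind sends the password in clear text on port 389; verifying the certificate by default with `ServerName: server`, plus an explicit opt-out flag, would make the unverified mode a deliberate choice.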
@@ -0,0 +1,140 @@
+package check
+
+import (
+ "fmt"
+ "net"
+ "os"
+ "time"
+
+ "github.com/charmbracelet/log"
+ "github.com/hirochachacha/go-smb2"
+ "github.com/spf13/cobra"
+)
+
+var smbCheckCmd = &cobra.Command{
+ Use: "smb",
+ Short: "Check SMB server connectivity and authentication",
+ Long: `Verify SMB server is accessible and credentials are valid.
+Can list shares or access a specific file on a share.`,
+ Run: func(cmd *cobra.Command, args []string) {
+ host, _ := cmd.Flags().GetString("host")
+ username, _ := cmd.Flags().GetString("username")
+ password, _ := cmd.Flags().GetString("password")
+ domain, _ := cmd.Flags().GetString("domain")
+ share, _ := cmd.Flags().GetString("share")
+ path, _ := cmd.Flags().GetString("path")
+ timeout, _ := cmd.Flags().GetInt("timeout")
+
+ if err := checkSMB(host, username, password, domain, share, path, timeout); err != nil {
+ log.Error("SMB check failed", "error", err)
+ os.Exit(2)
+ }
+ fmt.Println("✓ SMB check passed")
+ os.Exit(0)
+ },
+}
+
+func setupSmbCheckCmd(cmd *cobra.Command) {
+ smbCheckCmd.Flags().StringP("host", "H", "", "SMB server address (IP or hostname)")
+ smbCheckCmd.Flags().StringP("username", "u", "", "Username for authentication")
+ smbCheckCmd.Flags().StringP("password", "p", "", "Password for authentication")
+ smbCheckCmd.Flags().StringP("domain", "d", "", "Domain name (optional, defaults to WORKGROUP)")
+ smbCheckCmd.Flags().StringP("share", "s", "", "Share name to list (e.g., C$, IPC$)")
+ smbCheckCmd.Flags().String("path", "", "Path to a file on the share to access (e.g., /Windows/System32/config)")
+ smbCheckCmd.Flags().IntP("timeout", "t", 10, "Connection timeout in seconds")
+
+ smbCheckCmd.MarkFlagRequired("host")
+ smbCheckCmd.MarkFlagRequired("username")
+ smbCheckCmd.MarkFlagRequired("password")
+
+ cmd.AddCommand(smbCheckCmd)
+}
+
+func checkSMB(host, username, password, domain, share, path string, timeoutSec int) error {
+ // Default domain if not specified
+ if domain == "" {
+ domain = "WORKGROUP"
+ }
+
+ // Connect to SMB server on port 445
+ address := fmt.Sprintf("%s:445", host)
+ fmt.Printf("Connecting to SMB server at %s...\n", address)
+
+ // Set timeout for dial
+ conn, err := net.DialTimeout("tcp", address, time.Duration(timeoutSec)*time.Second)
+ if err != nil {
+ return fmt.Errorf("failed to connect: %w", err)
+ }
+ defer conn.Close()
+
+ fmt.Println("✓ Connection established")
+
+ // Create SMB session
+ d := &smb2.Dialer{
+ Initiator: &smb2.NTLMInitiator{
+ User: username,
+ Password: password,
+ Domain: domain,
+ },
+ }
+
+ session, err := d.Dial(conn)
+ if err != nil {
+ return fmt.Errorf("authentication failed: %w", err)
+ }
+ defer session.Logoff()
+
+ fmt.Printf("✓ Authentication successful (domain: %s, user: %s)\n", domain, username)
+
+ // If share is specified, try to mount it
+ if share != "" {
+ fmt.Printf("Mounting share: %s\n", share)
+ fs, err := session.Mount(share)
+ if err != nil {
+ return fmt.Errorf("failed to mount share: %w", err)
+ }
+ defer fs.Umount()
+
+ fmt.Printf("✓ Share mounted successfully: %s\n", share)
+
+ // If path is specified, try to access it
+ if path != "" {
+ fmt.Printf("Accessing path: %s\n", path)
+ stat, err := fs.Stat(path)
+ if err != nil {
+ return fmt.Errorf("failed to access path: %w", err)
+ }
+
+ if stat.IsDir() {
+ fmt.Printf("✓ Path accessible (directory): %s\n", path)
+ } else {
+ fmt.Printf("✓ Path accessible (file, size: %d bytes): %s\n", stat.Size(), path)
+ }
+ } else {
+ // List the share contents (root level)
+ entries, err := fs.ReadDir(".")
+ if err != nil {
+ return fmt.Errorf("failed to list share contents: %w", err)
+ }
+
+ fmt.Printf("✓ Share listing successful (%d entries in root)\n", len(entries))
+ if len(entries) > 0 {
+ fmt.Println("\nFirst few entries:")
+ for i, entry := range entries {
+ if i >= 5 {
+ break
+ }
+ entryType := "file"
+ if entry.IsDir() {
+ entryType = "dir "
+ }
+ fmt.Printf(" [%s] %s\n", entryType, entry.Name())
+ }
+ }
+ }
+ } else {
+ fmt.Println("✓ Session verification successful (no share specified)")
+ }
+
+ return nil
+}
diff --git a/check/check_ssh.go b/check/check_ssh.go
new file mode 100644
index 0000000..1c7dbe6
--- /dev/null
+++ b/check/check_ssh.go
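Review bot: The `--timeout` value in checkSMB bounds only `net.DialTimeout`; the SMB negotiation and NTLM authentication inside `d.Dial(conn)`, and the later `Mount`, `Stat` and `ReadDir` calls, run with no deadline, so a host that accepts the TCP connection and then stalls hangs the check indefinitely. Calling `conn.SetDeadline(time.Now().Add(time.Duration(timeoutSec) * time.Second))` right after the dial would cover the whole exchange. `fmt.Sprintf("%s:445", host)` also yields an unusable address for an IPv6 literal; `net.JoinHostPort(host, "445")` handles both forms, and checkLDAP and checkSSH build their addresses the same way.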
@@ -0,0 +1,126 @@
+package check
+
+import (
+ "fmt"
+ "os"
+ "time"
+
+ "github.com/charmbracelet/log"
+ "github.com/spf13/cobra"
+ "golang.org/x/crypto/ssh"
+)
+
+var sshCheckCmd = &cobra.Command{
+ Use: "ssh",
+ Short: "Check SSH server connectivity and authentication",
+ Long: `Verify SSH server is accessible and credentials are valid.
+Optionally executes a command to verify full session functionality.`,
+ Run: func(cmd *cobra.Command, args []string) {
+ host, _ := cmd.Flags().GetString("host")
+ port, _ := cmd.Flags().GetInt("port")
+ username, _ := cmd.Flags().GetString("username")
+ password, _ := cmd.Flags().GetString("password")
+ keyFile, _ := cmd.Flags().GetString("key")
+ command, _ := cmd.Flags().GetString("command")
+ timeout, _ := cmd.Flags().GetInt("timeout")
+
+ if err := checkSSH(host, port, username, password, keyFile, command, timeout); err != nil {
+ log.Error("SSH check failed", "error", err)
+ os.Exit(2)
+ }
+ fmt.Println("✓ SSH check passed")
+ os.Exit(0)
+ },
+}
+
+func setupSshCheckCmd(cmd *cobra.Command) {
+ sshCheckCmd.Flags().StringP("host", "H", "", "SSH server address (IP or hostname)")
+ sshCheckCmd.Flags().IntP("port", "P", 22, "SSH server port")
+ sshCheckCmd.Flags().StringP("username", "u", "", "Username for authentication")
+ sshCheckCmd.Flags().StringP("password", "p", "", "Password for authentication")
+ sshCheckCmd.Flags().StringP("key", "k", "", "Path to private key file for authentication")
+ sshCheckCmd.Flags().StringP("command", "c", "", "Optional command to execute (e.g., 'whoami')")
+ sshCheckCmd.Flags().IntP("timeout", "t", 10, "Connection timeout in seconds")
+
+ sshCheckCmd.MarkFlagRequired("host")
+ sshCheckCmd.MarkFlagRequired("username")
+
+ cmd.AddCommand(sshCheckCmd)
+}
+
+func checkSSH(host string, port int, username, password, keyFile, command string, timeoutSec int) error {
+ address := fmt.Sprintf("%s:%d", host, port)
+ fmt.Printf("Connecting to SSH server at %s...\n", address)
+
+ // Prepare authentication methods
+ var authMethods []ssh.AuthMethod
+
+ // Add password authentication if provided
+ if password != "" {
+ authMethods = append(authMethods, ssh.Password(password))
+ }
+
+ // Add public key authentication if key file is provided
+ if keyFile != "" {
+ key, err := os.ReadFile(keyFile)
+ if err != nil {
+ return fmt.Errorf("failed to read private key file: %w", err)
+ }
+
+ signer, err := ssh.ParsePrivateKey(key)
+ if err != nil {
+ return fmt.Errorf("failed to parse private key: %w", err)
+ }
+
+ authMethods = append(authMethods, ssh.PublicKeys(signer))
+ }
+
+ if len(authMethods) == 0 {
+ return fmt.Errorf("no authentication method provided (need --password or --key)")
+ }
+
+ // Configure SSH client
+ config := &ssh.ClientConfig{
+ User: username,
+ Auth: authMethods,
+ HostKeyCallback: ssh.InsecureIgnoreHostKey(), // For checking, we skip host key verification
+ Timeout: time.Duration(timeoutSec) * time.Second,
+ }
+
+ // Connect to SSH server
+ client, err := ssh.Dial("tcp", address, config)
+ if err != nil {
+ return fmt.Errorf("failed to connect: %w", err)
+ }
+ defer client.Close()
+
+ fmt.Println("✓ Connection established")
+ fmt.Printf("✓ Authentication successful (user: %s)\n", username)
+
+ // If a command is specified, execute it
+ if command != "" {
+ session, err := client.NewSession()
+ if err != nil {
+ return fmt.Errorf("failed to create session: %w", err)
+ }
+ defer session.Close()
+
+ fmt.Printf("Executing command: %s\n", command)
+ output, err := session.CombinedOutput(command)
+ if err != nil {
+ return fmt.Errorf("command execution failed: %w", err)
+ }
+
+ fmt.Printf("✓ Command executed successfully\nOutput:\n%s\n", string(output))
+ } else {
+ // Just verify session creation works
+ session, err := client.NewSession()
+ if err != nil {
+ return fmt.Errorf("failed to create session: %w", err)
+ }
+ session.Close()
+ fmt.Println("✓ Session verification successful")
+ }
+
+ return nil
+}
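Review bot: `HostKeyCallback: ssh.InsecureIgnoreHostKey()` in checkSSH means the password from `--password` is offered to whatever server answers on that address, so a host impersonating the target can collect it and the check still prints success. Since the tool is pointed at known machines, verify the key by default, using `knownhosts.New` from `golang.org/x/crypto/ssh/knownhosts` or `ssh.FixedHostKey` with a pinned key, and keep the current behaviour behind an explicit opt-in flag. `ClientConfig.Timeout` covers the TCP connect only, so the handshake and `CombinedOutput(command)` can still block past `--timeout`. The go.mod change in this patch lists `golang.org/x/crypto` as `// indirect` although this file imports it directly.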
diff --git a/check/main.go b/check/main.go
new file mode 100644
index 0000000..a218015
--- /dev/null
+++ b/check/main.go
@@ -0,0 +1,30 @@
+package check
+
+import (
+ "fmt"
+
+ "github.com/UT-CTF/landschaft/util"
+ "github.com/spf13/cobra"
+)
+
+// BatchCheckResult holds results of batch credential checking
+type BatchCheckResult struct {
+ Total int
+ Valid int
+ Invalid int
+ ValidCreds []string
+ InvalidCreds []string
+}
+
+func SetupCommand(cmd *cobra.Command) {
+ setupLdapCheckCmd(cmd)
+ setupKerberosCheckCmd(cmd)
+ setupSmbCheckCmd(cmd)
+ setupSshCheckCmd(cmd)
+}
+
+func Run(cmd *cobra.Command) {
+ fmt.Println(util.ErrorStyle.Render("Error: No subcommand specified"))
+ fmt.Println()
+ _ = cmd.Usage()
+}
diff --git a/cmd/check.go b/cmd/check.go
new file mode 100644
index 0000000..f0056dc
--- /dev/null
+++ b/cmd/check.go
@@ -0,0 +1,23 @@
+package cmd
+
+import (
+ "github.com/UT-CTF/landschaft/check"
+ "github.com/spf13/cobra"
+)
+
+// checkCmd represents the check command
+var checkCmd = &cobra.Command{
+ Use: "check",
+ Short: "Perform service checks to verify connectivity and authentication",
+ Long: `Check various services (LDAP, Kerberos, SMB) to verify they are up and
+functioning as intended. Each subcommand tests authentication and optionally
+performs additional operations to validate service health.`,
+ Run: func(cmd *cobra.Command, args []string) {
+ check.Run(cmd)
+ },
+}
+
+func init() {
+ check.SetupCommand(checkCmd)
+ rootCmd.AddCommand(checkCmd)
+}
diff --git a/go.mod b/go.mod
index 772cc27..002f62a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@ module github.com/UT-CTF/landschaft -go 1.23.4 +go 1.26 require ( github.com/Masterminds/sprig/v3 v3.3.0
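Review bot: In cmd/check.go the `Long` help text lists "(LDAP, Kerberos, SMB)", but `SetupCommand` in check/main.go also registers the ssh subcommand, so the description is out of date as committed; `Check various services (LDAP, Kerberos, SMB, SSH) to verify they are up and` would match. The exported `SetupCommand` and `Run` in check/main.go have no doc comments; `// SetupCommand registers the ldap, kerberos, smb and ssh subcommands on cmd.` and `// Run prints an error and the usage text when check is invoked without a subcommand.` describe what the visible bodies do.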
@@ -14,10 +14,14 @@ require ( require ( github.com/charmbracelet/huh v0.6.0 github.com/charmbracelet/x/term v0.2.1 + github.com/go-ldap/ldap/v3 v3.4.12 + github.com/hirochachacha/go-smb2 v1.1.0 + github.com/jcmturner/gokrb5/v8 v8.4.4 ) require ( dario.cat/mergo v1.0.1 // indirect + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/atotto/clipboard v0.1.4 // indirect @@ -31,10 +35,17 @@ require ( github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect + github.com/geoffgarside/ber v1.1.0 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect github.com/go-logfmt/logfmt v0.6.0 // indirect github.com/google/uuid v1.6.0 // indirect + github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/jcmturner/aescts/v2 v2.0.0 // indirect + github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect + github.com/jcmturner/gofork v1.7.6 // indirect + github.com/jcmturner/rpc/v2 v2.0.3 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect 
@@ -50,9 +61,10 @@ require ( github.com/spf13/cast v1.7.0 // indirect github.com/spf13/pflag v1.0.6 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect - golang.org/x/crypto v0.36.0 // indirect + golang.org/x/crypto v0.48.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/sys v0.31.0 // indirect - golang.org/x/text v0.23.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.41.0 // indirect + golang.org/x/text v0.34.0 // indirect ) diff --git a/go.sum b/go.sum index f2cc772..17c76c0 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -8,6 +10,8 @@ github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+ github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= +github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI= +github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= @@ -41,6 +45,7 @@ github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0/go.mod github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ= github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= 
@@ -49,16 +54,41 @@ github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/geoffgarside/ber v1.1.0 h1:qTmFG4jJbwiSzSXoNJeHcOprVzZ8Ulde2Rrrifu5U9w= +github.com/geoffgarside/ber v1.1.0/go.mod h1:jVPKeCbj6MvQZhwLYsGwaGI52oUorHoHKNecGT85ZCc= +github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo= +github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4= +github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo= github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4= github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hirochachacha/go-smb2 v1.1.0 
h1:b6hs9qKIql9eVXAiN0M2wSFY5xnhbHAQoCwRKbaRTZI= +github.com/hirochachacha/go-smb2 v1.1.0/go.mod h1:8F1A4d5EZzrGu5R7PU163UcMRDJQl4FtcxjBfsY8TZE= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jsimonetti/pwscheme v0.0.0-20220922140336-67a4d090f150 h1:ta6N7DaOQEACq28cLa0iRqXIbchByN9Lfll08CT2GBc= github.com/jsimonetti/pwscheme v0.0.0-20220922140336-67a4d090f150/go.mod h1:SiNTKDgjKQORnazFVHXhpny7UtU0iJOqtxd7R7sCfDI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 
@@ -101,36 +131,84 @@ github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= 
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= +golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220921155015-db77216a4ee9/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync 
v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= +golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term 
v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220919170432-7a66f970e087/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 
From b769f355f4c7e25ec0d4963d4eff7490b1688e8f Mon Sep 17 00:00:00 2001 From: Ameya Purao Date: Fri, 20 Feb 2026 22:35:09 -0600 Subject: [PATCH 2/2] formatting? --- check/check_kerberos.go | 10 +++++----- check/check_ldap.go | 16 ++++++++-------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/check/check_kerberos.go b/check/check_kerberos.go index b6e9dfb..0aa1e61 100644 --- a/check/check_kerberos.go +++ b/check/check_kerberos.go @@ -35,26 +35,26 @@ credentials are valid. Obtains a Ticket Granting Ticket (TGT) to verify authenti log.Error("Kerberos batch check failed", "error", err) os.Exit(1) } - + // Print results fmt.Printf("\n=== Kerberos Batch Check Results ===\n") fmt.Printf("Total: %d | Valid: %d | Invalid: %d\n\n", results.Total, results.Valid, results.Invalid) - + if len(results.ValidCreds) > 0 { fmt.Println("✓ Valid credentials:") for _, cred := range results.ValidCreds { fmt.Printf(" • %s\n", cred) } } - + if len(results.InvalidCreds) > 0 { fmt.Println("\n✗ Invalid credentials:") for _, cred := range results.InvalidCreds { fmt.Printf(" • %s\n", cred) } } - + if results.Invalid > 0 { os.Exit(2) } @@ -165,7 +165,7 @@ func checkKerberos(kdc, realm, fqdn, username, password string, timeoutSec int) } fmt.Println("✓ Ticket verification successful") - + // Destroy the session cl.Destroy() diff --git a/check/check_ldap.go b/check/check_ldap.go index ba04c09..15af8ba 100644 --- a/check/check_ldap.go +++ b/check/check_ldap.go 
@@ -32,26 +32,26 @@ Performs a simple bind operation and optionally searches the directory.`, log.Error("LDAP batch check failed", "error", err) os.Exit(1) } - + // Print results fmt.Printf("\n=== LDAP Batch Check Results ===\n") fmt.Printf("Total: %d | Valid: %d | Invalid: %d\n\n", results.Total, results.Valid, results.Invalid) - + if len(results.ValidCreds) > 0 { fmt.Println("✓ Valid credentials:") for _, cred := range results.ValidCreds { fmt.Printf(" • %s\n", cred) } } - + if len(results.InvalidCreds) > 0 { fmt.Println("\n✗ Invalid credentials:") for _, cred := range results.InvalidCreds { fmt.Printf(" • %s\n", cred) } } - + if results.Invalid > 0 { os.Exit(2) } @@ -90,7 +90,7 @@ func checkLDAP(server, username, password string, useTLS bool, timeoutSec int) e // Always connect on port 389 initially port := "389" address := fmt.Sprintf("%s:%s", server, port) - + if useTLS { fmt.Printf("Connecting to ldap://%s (will upgrade to TLS via StartTLS)...\n", address) } else { @@ -116,7 +116,7 @@ func checkLDAP(server, username, password string, useTLS bool, timeoutSec int) e tlsConfig := &tls.Config{ InsecureSkipVerify: true, } - + err = conn.StartTLS(tlsConfig) if err != nil { return fmt.Errorf("failed to start TLS: %w", err) @@ -156,7 +156,7 @@ func checkLDAP(server, username, password string, useTLS bool, timeoutSec int) e // If we discovered a domain, try Active Directory formats if domain != "" { bindDNs = append([]string{ - fmt.Sprintf("%s@%s", username, domain), // UserPrincipalName format (user@domain.com) + fmt.Sprintf("%s@%s", username, domain), // UserPrincipalName format (user@domain.com) fmt.Sprintf("%s\\%s", domain[:len(domain)-len(".local")], username), // DOMAIN\user format (for .local domains) }, bindDNs...) } 
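Review bot: `InsecureSkipVerify: true` in the `tls.Config` passed to `conn.StartTLS` (hunk `@@ -116,7 +116,7 @@`) turns off certificate and hostname verification, so the upgraded session is encrypted but the server is never authenticated. The `conn.Bind(bindDN, password)` call further down in checkLDAP then sends the password to whichever endpoint completed the handshake. Verify by default, for example `tlsConfig := &tls.Config{ServerName: server, MinVersion: tls.VersionTLS12}`, and allow skipping verification only behind an explicit opt-in flag that logs a warning. checkLDAP starts and ends outside this hunk, so how the non-TLS branch handles the bind is not visible here.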
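Review bot: `domain[:len(domain)-len(".local")]` in hunk `@@ -156,7 +156,7 @@` cuts the last six bytes off `domain` without checking that it ends in `.local`. A discovered domain shorter than six bytes makes the slice bound negative and panics, and any other suffix produces a mangled `DOMAIN\user` candidate that is still sent as a bind attempt. The guard visible in the hunk only tests `domain != ""`. Build that candidate only when the suffix matches, e.g. `if strings.HasSuffix(domain, ".local") { short := strings.TrimSuffix(domain, ".local"); ... }`, which needs `strings` imported in this file if it is not already. Each malformed candidate is also one more failed bind for the account, which may count toward lockout thresholds on the directory.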
@@ -172,7 +172,7 @@ func checkLDAP(server, username, password string, useTLS bool, timeoutSec int) e bindErr = conn.Bind(bindDN, password) if bindErr == nil { fmt.Printf("✓ Authentication successful (bind DN: %s)\n", bindDN) - + // Perform a simple search to verify the connection is fully functional verifyRequest := ldap.NewSearchRequest( "",