tvl-depot/fun/watchblob/main.go

package main

import (
	"bufio"
	"encoding/xml"
	"fmt"
	"golang.org/x/crypto/ssh/terminal"
	"net/http"
	"os"
	"strings"
	"syscall"
)

// The XML response returned by the WatchGuard server
type Resp struct {
	Action      string `xml:"action"`
	LogonStatus int    `xml:"logon_status"`
	LogonId     int    `xml:"logon_id"`
	Error       string `xml:"errStr"`
	Challenge   string `xml:"chaStr"`
}

func main() {
	args := os.Args[1:]

	if len(args) != 1 {
		fmt.Fprintln(os.Stderr, "Usage: watchblob <vpn-host>")
		os.Exit(1)
	}

	host := args[0]

	username, password, err := readCredentials()
	if err != nil {
		fmt.Fprintf(os.Stderr, "Could not read credentials: %v\n", err)
	}

	fmt.Printf("Requesting challenge from %s as user %s\n", host, username)
	challenge, err := triggerChallengeResponse(&host, &username, &password)

	if err != nil || challenge.LogonStatus != 4 {
		fmt.Fprintln(os.Stderr, "Did not receive challenge from server")
		fmt.Fprintf(os.Stderr, "Response: %v\nError: %v\n", challenge, err)
		os.Exit(1)
	}

	token := getToken(&challenge)
	err = logon(&host, &challenge, &token)

	if err != nil {
		fmt.Fprintf(os.Stderr, "Logon failed: %v\n", err)
		os.Exit(1)
	}

	fmt.Printf("Login succeeded, you may now (quickly) authenticate OpenVPN with %s as your password\n", token)
}

func readCredentials() (string, string, error) {
	fmt.Printf("Username: ")
	reader := bufio.NewReader(os.Stdin)
	username, err := reader.ReadString('\n')

	fmt.Printf("Password: ")
	password, err := terminal.ReadPassword(syscall.Stdin)
	fmt.Println()

	// If an error occured, I don't care about which one it is.
	return strings.TrimSpace(username), strings.TrimSpace(string(password)), err
}

func triggerChallengeResponse(host *string, username *string, password *string) (r Resp, err error) {
	return request(templateUrl(host, templateChallengeTriggerUri(username, password)))
}

func getToken(challenge *Resp) string {
	fmt.Println(challenge.Challenge)

	reader := bufio.NewReader(os.Stdin)
	token, _ := reader.ReadString('\n')

	return strings.TrimSpace(token)
}

func logon(host *string, challenge *Resp, token *string) (err error) {
	resp, err := request(templateUrl(host, templateResponseUri(challenge.LogonId, token)))
	if err != nil {
		return
	}

	if resp.LogonStatus != 1 {
		err = fmt.Errorf("Challenge/response authentication failed: %v", resp)
	}

	return
}

func request(url string) (r Resp, err error) {
	resp, err := http.Get(url)
	if err != nil {
		return
	}

	defer resp.Body.Close()
	decoder := xml.NewDecoder(resp.Body)

	err = decoder.Decode(&r)
	return
}
feat: Initial working implementation 2017-02-11 12:27:12 +01:00			`package main`

			`import (`
			`"bufio"`
			`"encoding/xml"`
			`"fmt"`
fix: Portability of stdin 2017-02-11 16:33:16 +01:00			`"golang.org/x/crypto/ssh/terminal"`
feat: Initial working implementation 2017-02-11 12:27:12 +01:00			`"net/http"`
			`"os"`
			`"strings"`
fix: Portability of stdin 2017-02-11 16:33:16 +01:00			`"syscall"`
feat: Initial working implementation 2017-02-11 12:27:12 +01:00			`)`

			`// The XML response returned by the WatchGuard server`
			`type Resp struct {`
			Action string `xml:"action"`
			LogonStatus int `xml:"logon_status"`
			LogonId int `xml:"logon_id"`
			Error string `xml:"errStr"`
			Challenge string `xml:"chaStr"`
			`}`

			`func main() {`
			`args := os.Args[1:]`

feat: Don't echo password while inputting 2017-02-11 16:30:23 +01:00			`if len(args) != 1 {`
			`fmt.Fprintln(os.Stderr, "Usage: watchblob <vpn-host>")`
feat: Initial working implementation 2017-02-11 12:27:12 +01:00			`os.Exit(1)`
			`}`

			`host := args[0]`

feat: Don't echo password while inputting 2017-02-11 16:30:23 +01:00			`username, password, err := readCredentials()`
			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "Could not read credentials: %v\n", err)`
			`}`

fix: Two minor, silly fixes 2017-02-11 16:38:23 +01:00			`fmt.Printf("Requesting challenge from %s as user %s\n", host, username)`
fix: Remove trailing newlines from input 2017-02-11 16:32:36 +01:00			`challenge, err := triggerChallengeResponse(&host, &username, &password)`
feat: Initial working implementation 2017-02-11 12:27:12 +01:00
			`if err != nil \|\| challenge.LogonStatus != 4 {`
			`fmt.Fprintln(os.Stderr, "Did not receive challenge from server")`
			`fmt.Fprintf(os.Stderr, "Response: %v\nError: %v\n", challenge, err)`
			`os.Exit(1)`
			`}`

			`token := getToken(&challenge)`
			`err = logon(&host, &challenge, &token)`

			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "Logon failed: %v\n", err)`
			`os.Exit(1)`
			`}`

fix: Two minor, silly fixes 2017-02-11 16:38:23 +01:00			`fmt.Printf("Login succeeded, you may now (quickly) authenticate OpenVPN with %s as your password\n", token)`
feat: Initial working implementation 2017-02-11 12:27:12 +01:00			`}`

fix: Remove trailing newlines from input 2017-02-11 16:32:36 +01:00			`func readCredentials() (string, string, error) {`
feat: Don't echo password while inputting 2017-02-11 16:30:23 +01:00			`fmt.Printf("Username: ")`
			`reader := bufio.NewReader(os.Stdin)`
			`username, err := reader.ReadString('\n')`

			`fmt.Printf("Password: ")`
fix: Portability of stdin 2017-02-11 16:33:16 +01:00			`password, err := terminal.ReadPassword(syscall.Stdin)`
fix urls: Escape values in URLs For usernames and passwords containing special characters the URL parameters must be escaped. Because the entire URI is just query parameters I've opted for using net/url.Values for the entire URI. Fixes #1 2017-02-13 09:55:24 +01:00			`fmt.Println()`
feat: Don't echo password while inputting 2017-02-11 16:30:23 +01:00
			`// If an error occured, I don't care about which one it is.`
fix: Remove trailing newlines from input 2017-02-11 16:32:36 +01:00			`return strings.TrimSpace(username), strings.TrimSpace(string(password)), err`
feat: Don't echo password while inputting 2017-02-11 16:30:23 +01:00			`}`

feat: Initial working implementation 2017-02-11 12:27:12 +01:00			`func triggerChallengeResponse(host string, username string, password *string) (r Resp, err error) {`
			`return request(templateUrl(host, templateChallengeTriggerUri(username, password)))`
			`}`

			`func getToken(challenge *Resp) string {`
			`fmt.Println(challenge.Challenge)`

			`reader := bufio.NewReader(os.Stdin)`
			`token, _ := reader.ReadString('\n')`

			`return strings.TrimSpace(token)`
			`}`

			`func logon(host string, challenge Resp, token *string) (err error) {`
			`resp, err := request(templateUrl(host, templateResponseUri(challenge.LogonId, token)))`
			`if err != nil {`
			`return`
			`}`

			`if resp.LogonStatus != 1 {`
			`err = fmt.Errorf("Challenge/response authentication failed: %v", resp)`
			`}`

			`return`
			`}`

			`func request(url string) (r Resp, err error) {`
			`resp, err := http.Get(url)`
			`if err != nil {`
			`return`
			`}`

			`defer resp.Body.Close()`
			`decoder := xml.NewDecoder(resp.Body)`

			`err = decoder.Decode(&r)`
			`return`
			`}`