Salut à tous,
je viens à votre rencontre car j'ai un problème avec le plugin auth4openvpn.
Ce plugin sert à faire de l'authentification LDAP pour OpenVPN.
Mon problème : lorsque le plugin est appelé par OpenVPN à la connexion d'un utilisateur, une erreur apparaît dans l'Observateur d'événements ; en revanche, si je lance le plugin depuis une invite de commandes (cmd), il n'y a pas de problème et l'Observateur d'événements affiche une information avec le nom d'utilisateur.
Dans tous les cas l'authentification se fait bien.
Voici le détail de l'erreur :
Code :
- - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- - <System>
- <Provider Name="WSH" />
- <EventID Qualifiers="49152">1</EventID>
- <Level>2</Level>
- <Task>0</Task>
- <Keywords>0x80000000000000</Keywords>
- <TimeCreated SystemTime="2013-03-18T10:28:52.000000000Z" />
- <EventRecordID>6977</EventRecordID>
- <Channel>Application</Channel>
- <Computer>srv2008R2Hyperv</Computer>
- <Security />
- </System>
- - <EventData>
- <Data>Auth4OpenVPN: 424, Objet requis</Data>
- </EventData>
- </Event>
J'ai tenté de contacter le créateur du plugin, mais je n'ai pas eu de réponse.
Voici le code du plugin :
Code :
'.............................................................................
' Auth4OpenVPN.vbs
' Jose Ortega,
' (C)2007.
' http://amigo4life.googlepages.com/openvpn
'
'.............................................................................
Option Explicit

' Event types handed to WshShell.LogEvent by the LogEvent wrapper below.
' WSH documents 0 as "success", 1 as "error" and 2 as "warning"; its
' dedicated "information" type is 4, so SEVERITY_INFO entries are recorded
' with the "success" type.
Const SEVERITY_INFO    = &H0
Const SEVERITY_ERROR   = &H1
Const SEVERITY_WARNING = &H2

' ADSI bind options (ADS_AUTHENTICATION_ENUM). They are bit flags: several
' options are requested together by combining them with Or.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_ENCRYPTION        = &H2
Const ADS_SERVER_BIND           = &H200

' ADSI search scope: the base object and everything beneath it.
Const ADS_SCOPE_SUBTREE = &H2

' Settings file. The active value is a relative path, so it is resolved
' against the current directory of whatever process starts the script.
' NOTE(review): the file decides which server, domain and group gate VPN
' access - keep it writable by administrators only.
Const cfgFilePath = "auth4openvpn.ini"
'Const cfgFilePath = "c:\program files\openvpn\config\auth4openvpn.ini"

' Script-wide state shared by the functions below.
Dim fileContent     ' raw text of the settings file
Dim parameters      ' setting names first, then the values read for them
Dim ovUser          ' user name under verification
Dim ovPass          ' clear-text password under verification
'.............................................................................
' Writes one entry to the Windows Application event log through
' WshShell.LogEvent.
'   EventDescription - message text. Callers in this file build it from
'                      fixed strings plus the user name received from the
'                      VPN client, so treat that part of an entry as
'                      untrusted when reading the log.
'   EventType        - one of the SEVERITY_* constants.
Sub LogEvent(EventDescription, EventType)
    ' The shell object only lives for the duration of the With block.
    With WScript.CreateObject("Wscript.Shell")
        .LogEvent EventType, EventDescription
    End With
End Sub
'.............................................................................
' Shows textToPrint to the operator via WScript.Echo. Main uses it only
' when the script was started with command-line arguments.
Sub Prn(textToPrint)
    Call WScript.Echo(textToPrint)
End Sub
'.............................................................................
' Reports a runtime error number to the event log.
'   ErrNumber - value of Err.Number captured by the caller.
' Returns False when ErrNumber is 0 (nothing is logged), True otherwise.
'
' Failed logons are written as warnings together with the upper-cased user
' name, which makes repeated failures for one account visible in the
' Application log.
Function LogError(ByVal ErrNumber)
    If ErrNumber = 0 Then
        LogError = False
    Else
        Select Case ErrNumber
            ' -2147217911 is 0x80040E09 and -2147023570 is 0x8007052E
            ' (the latter is the HRESULT form of ERROR_LOGON_FAILURE).
            Case -2147217911, -2147023570
                LogEvent "Auth4OpenVPN: Incorrect credentials." & _
                         vbNewLine & _
                         "Username: " & UCase(ovUser), SEVERITY_WARNING

            ' -2147217865 is 0x80040E37.
            Case -2147217865
                LogEvent "Auth4OpenVPN: Cannot find server" & _
                         " or LDAP path supplied.", SEVERITY_ERROR

            ' Anything else is logged with the number and the text still
            ' held by the global Err object.
            Case Else
                LogEvent "Auth4OpenVPN: " & ErrNumber & ", " & _
                         Err.Description, SEVERITY_ERROR
        End Select
        LogError = True
    End If
End Function
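'.............................................................................
' True when accountName contains an apostrophe, a control character, or one
' of the characters that cannot occur in a sAMAccountName
' ( " / \ [ ] : ; | = , + * ? < > ).
Function HasUnsafeAccountChars(accountName)
    Dim rejected, pos, ch, code
    rejected = "'""/\[]:;|=,+*?<>"
    HasUnsafeAccountChars = True
    For pos = 1 To Len(accountName)
        ch = Mid(accountName, pos, 1)
        code = AscW(ch)
        ' AscW is negative for code units above 32767; those are not
        ' control characters.
        If code >= 0 And code < 32 Then Exit Function
        If InStr(rejected, ch) > 0 Then Exit Function
    Next
    HasUnsafeAccountChars = False
End Function
'.............................................................................
' Prepares a directory- or configuration-supplied value for use inside a
' quoted literal of an ADSI SQL-dialect query by doubling apostrophes.
' NOTE(review): doubling is the usual escape for this dialect - confirm
' with an account whose DN contains an apostrophe. If the escape were not
' accepted the query fails, and IsAuthOK then denies access.
Function QuoteAdsiLiteral(value)
    QuoteAdsiLiteral = Replace(value, "'", "''")
End Function
'.............................................................................
' Closes the ADO connection and drops both ADO objects. Best effort: the
' connection may never have been opened.
Sub CloseAdo(adoConn, adoCmd)
    On Error Resume Next
    adoConn.Close
    Set adoCmd = Nothing
    Set adoConn = Nothing
End Sub
'.............................................................................
' Verifies ovUser/ovPass against the directory and checks group membership.
' Reads parameters(0..4): server, domain, LDAP path, group name, logging.
' Returns True only when
'   1. a bind to RootDSE with the supplied credentials succeeds,
'   2. a user object with that sAMAccountName exists under the LDAP path,
'   3. the configured group exists under the LDAP path, and
'   4. the group lists the user's DN in its member attribute.
' Every other outcome, including any runtime error, returns False.
'
' Error handling stays enabled for the whole function and Err is checked
' after each step. Two reasons: Main only reaches WScript.Quit(1) if this
' function returns, and a failed query must never leave an earlier
' recordset in place for the next test to read.
Function IsAuthOK()
    Dim adoConn, adoCmd, rsUserDN, rsGroupDN, userDN
    Dim myDSP, root
    Dim server, domain, ldapPath, adGroup, logging
    Dim fromClause, memberFound

    IsAuthOK = False    ' deny unless every check below passes

    server = parameters(0) : domain = parameters(1)
    ldapPath = parameters(2) : adGroup = parameters(3)
    logging = parameters(4)

    ' ovUser comes from the VPN client and is placed inside a quoted
    ' literal of the user query below. Names with these characters cannot
    ' match a real account, so they are refused before any directory call.
    ' The name itself is not logged because it may contain control
    ' characters.
    If HasUnsafeAccountChars(ovUser) Then
        LogEvent "Auth4OpenVPN: Username contains characters that are " & _
                 "not allowed.", SEVERITY_WARNING
        Exit Function
    End If

    On Error Resume Next

    '------------------------------------------------------------------------
    ' check credentials
    ' The flags are combined with Or. "ADS_SERVER_BIND And
    ' ADS_USE_ENCRYPTION" evaluates to 0 because the two values share no
    ' bits, which requests no protection for the bind at all. Secure
    ' authentication matches the "ADSI Flag" used for the ADO connection
    ' below; add "Or ADS_USE_ENCRYPTION" where the server offers LDAP over
    ' SSL.
    Set myDSP = GetObject("LDAP:")
    Set root = myDSP.OpenDSObject("LDAP://" & server & "/" & "RootDSE", _
                                  domain & "\" & ovUser, ovPass, _
                                  ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
    If LogError(Err.Number) Then Exit Function
    Set root = Nothing
    Set myDSP = Nothing

    '------------------------------------------------------------------------
    ' open the ADO connection with the user's own credentials
    Set adoConn = CreateObject("ADODB.Connection")
    Set adoCmd = CreateObject("ADODB.Command")
    With adoConn
        .Provider = "ADsDSOObject"
        .Properties("User ID") = domain & "\" & ovUser
        .Properties("Password") = ovPass
        .Properties("Encrypt Password") = True
        .Properties("ADSI Flag") = ADS_SECURE_AUTHENTICATION
        .Properties("Timeout") = 10
        .Open "Active Directory Provider"
    End With
    Set adoCmd.ActiveConnection = adoConn
    adoCmd.Properties("Page Size") = 10
    adoCmd.Properties("Cache Results") = False
    adoCmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    ' Err keeps the most recent failure, so one check covers the set-up.
    If LogError(Err.Number) Then
        CloseAdo adoConn, adoCmd
        Exit Function
    End If

    ' server and ldapPath come from the settings file.
    fromClause = "FROM 'LDAP://" & server & "/" & ldapPath & "' "

    '------------------------------------------------------------------------
    ' 1. find the user's distinguished name
    adoCmd.CommandText = "SELECT distinguishedName " & fromClause & _
                         "WHERE objectClass='user' " & _
                         "AND saMaccountName='" & ovUser & "'"
    Set rsUserDN = adoCmd.Execute
    If LogError(Err.Number) Then
        CloseAdo adoConn, adoCmd
        Exit Function
    End If
    If rsUserDN.EOF Then
        LogEvent "Auth4OpenVPN: Cannot find user under LDAP path" & _
                 " set in Auth4OpenVPN.ini file.", SEVERITY_ERROR
        CloseAdo adoConn, adoCmd
        Exit Function
    End If
    userDN = rsUserDN.Fields(0)

    '------------------------------------------------------------------------
    ' 2. make sure the configured group exists
    adoCmd.CommandText = "SELECT distinguishedName " & fromClause & _
                         "WHERE objectClass='group' " & _
                         "AND name='" & QuoteAdsiLiteral(adGroup) & "'"
    Set rsGroupDN = adoCmd.Execute
    If LogError(Err.Number) Then
        CloseAdo adoConn, adoCmd
        Exit Function
    End If
    If rsGroupDN.EOF Then
        LogEvent "Auth4OpenVPN: Cannot find Group under LDAP path" & _
                 " set in Auth4OpenVPN.ini file.", SEVERITY_ERROR
        CloseAdo adoConn, adoCmd
        Exit Function
    End If

    '------------------------------------------------------------------------
    ' 3. membership: the same group must list the user's DN as a member.
    ' The result of step 2 is dropped first so it cannot be mistaken for
    ' the answer to this query. The clauses are separated by a space.
    Set rsGroupDN = Nothing
    adoCmd.CommandText = "SELECT distinguishedName " & fromClause & _
                         "WHERE objectClass='group' " & _
                         "AND name='" & QuoteAdsiLiteral(adGroup) & "' " & _
                         "AND member='" & QuoteAdsiLiteral(userDN) & "'"
    Set rsGroupDN = adoCmd.Execute
    If LogError(Err.Number) Then
        CloseAdo adoConn, adoCmd
        Exit Function
    End If

    ' Read EOF into a variable instead of testing it inside an If: under
    ' On Error Resume Next a failing If condition runs the Then branch.
    memberFound = False
    memberFound = Not rsGroupDN.EOF
    If LogError(Err.Number) Then
        CloseAdo adoConn, adoCmd
        Exit Function
    End If

    If memberFound Then
        If UCase(logging) = "ON" Then
            LogEvent "Auth4OpenVPN: " & _
                     "Authentication successful." & vbNewLine & _
                     "Username: " & UCase(ovUser), SEVERITY_INFO
        End If
        IsAuthOK = True
    Else
        LogEvent "Auth4OpenVPN: User is not a member of the group: " & _
                 UCase(adGroup) & vbNewLine & "Username: " & _
                 UCase(ovUser), SEVERITY_WARNING
    End If

    CloseAdo adoConn, adoCmd
End Function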
'.............................................................................
' Loads the settings file named by cfgFilePath into the global fileContent.
' Returns True when the file exists and could be opened; otherwise logs an
' error event and returns False.
' NOTE(review): error handling is still switched to "resume next" when
' ReadAll runs and its result is not checked, so a failed read is only
' noticed later, when the settings are parsed.
Function IsSettingsFileOK()
    Dim fso, iniStream

    IsSettingsFileOK = False
    Set fso = CreateObject("Scripting.FileSystemObject")

    ' Guard: nothing to read.
    If Not fso.FileExists(cfgFilePath) Then
        LogEvent "Auth4OpenVPN: The Auth4OpenVPN.ini file is missing.", _
                 SEVERITY_ERROR
        Set fso = Nothing
        Exit Function
    End If

    ' Guard: the file is there but cannot be opened.
    On Error Resume Next
    Set iniStream = fso.OpenTextFile(cfgFilePath)
    If Err.Number Then
        LogEvent "Auth4OpenVPN: Cannot read Auth4OpenVPN.ini file.", _
                 SEVERITY_ERROR
        On Error GoTo 0
        Set fso = Nothing
        Exit Function
    End If

    fileContent = iniStream.ReadAll
    iniStream.Close
    Set fso = Nothing
    IsSettingsFileOK = True
End Function
'.............................................................................
' Returns the first capture group of the first match of PatternToMatch in
' StringToSearch (case-insensitive, multi-line). Returns "" when nothing
' matches or the pattern has no capture group.
Function GetFirstMatch(PatternToMatch, StringToSearch)
    Dim matcher, hits

    GetFirstMatch = ""

    Set matcher = New RegExp
    matcher.Pattern = PatternToMatch
    matcher.IgnoreCase = True
    matcher.Global = True
    matcher.MultiLine = True
    Set hits = matcher.Execute(StringToSearch)
    Set matcher = Nothing

    If hits.Count < 1 Then Exit Function
    If hits(0).SubMatches.Count < 1 Then Exit Function

    GetFirstMatch = hits(0).SubMatches(0)
End Function
'.............................................................................
' Extracts SERVER, DOMAIN, DN, GROUP and LOGGING from fileContent and
' stores each value in the global parameters array, in place of its name.
' Expected line form:  NAME = "value"
' Returns False and logs an error event as soon as one value is missing or
' empty.
'
' The pattern requires a CR/LF before the setting name, so a setting on
' the very first line of the file is not recognised.
' NOTE(review): the values are later used to build LDAP paths and queries,
' so they are as trusted as the account that can edit the settings file.
Function AreSettingsOK()
    Dim keyPattern, slot

    AreSettingsOK = False
    parameters = Array("SERVER", "DOMAIN", "DN", "GROUP", "LOGGING")

    For slot = LBound(parameters) To UBound(parameters)
        keyPattern = ".*\r\n\s*" & parameters(slot) & "\s*\=\s*\""(.*)\"""
        parameters(slot) = Trim(GetFirstMatch(keyPattern, fileContent))
        If parameters(slot) = "" Then
            LogEvent "Auth4OpenVPN: Missing settings in Auth4OpenVPN.ini" & _
                     " file.", SEVERITY_ERROR
            Exit Function
        End If
    Next

    AreSettingsOK = True
End Function
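'.............................................................................
' Fills the globals ovUser and ovPass and returns True when both are
' non-empty.
'   no arguments  - credentials are read from the environment variables
'                   "username" and "password" (presumably exported by
'                   OpenVPN when the script is hooked in "via-env" mode).
'   two arguments - user name and password given on the command line, for
'                   manual testing only: command lines are visible to
'                   other local users and may end up in shell history.
'   anything else - rejected.
' Every rejection is logged as an error event.
Function AreCredentialsOK()
    Dim shell

    AreCredentialsOK = False

    Select Case WScript.Arguments.Count
        Case 0
            Set shell = WScript.CreateObject("Wscript.Shell")
            ovUser = shell.ExpandEnvironmentStrings("%username%")
            ovPass = shell.ExpandEnvironmentStrings("%password%")
            Set shell = Nothing
            ' ExpandEnvironmentStrings returns the placeholder unchanged
            ' when the variable is not defined. Treat that as "nothing
            ' supplied" rather than as a credential.
            ' NOTE(review): Windows normally defines USERNAME itself, so if
            ' the caller exported nothing, ovUser holds the account the
            ' script runs under; the password check below catches that.
            If ovUser = "%username%" Then ovUser = ""
            If ovPass = "%password%" Then ovPass = ""

        Case 2
            ovUser = Trim(WScript.Arguments(0))
            ovPass = Trim(WScript.Arguments(1))

        Case Else
            LogEvent "Auth4OpenVPN: Invalid number of arguments.", _
                     SEVERITY_ERROR
            Exit Function
    End Select

    If Len(ovUser) = 0 Or Len(ovPass) = 0 Then
        LogEvent "Auth4OpenVPN: Empty username or password " & _
                 "are not allowed.", SEVERITY_ERROR
        Exit Function
    End If

    AreCredentialsOK = True
End Function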
'.............................................................................
' Entry point. Runs the checks in order - credentials present, settings
' file readable, settings complete, directory authentication - and stops
' at the first one that fails.
' Exit code 0 means "accept", 1 means "reject". When the script was started
' with arguments the outcome is also echoed for the operator.
Sub Main
    Dim accepted, startedByOperator

    accepted = False
    If AreCredentialsOK Then
        If IsSettingsFileOK Then
            If AreSettingsOK Then
                accepted = IsAuthOK
            End If
        End If
    End If

    startedByOperator = (WScript.Arguments.Count <> 0)

    If accepted Then
        If startedByOperator Then
            Prn "Authentication successful." & vbNewLine
        End If
        WScript.Quit 0
    End If

    If startedByOperator Then
        Prn "Authentication failed." & vbNewLine & _
            "Check the Application logs for details." & vbNewLine
    End If
    WScript.Quit 1
End Sub
'.............................................................................
' Script body: everything happens in Main, which ends the process through
' WScript.Quit with the accept/reject exit code.
Call Main
'.............................................................................
Merci à vous tous
PS : si je me suis trompé de catégorie, mea culpa.