playground
/
gogs
mirror of https://github.com/gogits/gogs.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

#1637 able to skip verify for LDAP

pull/1662/head
Unknwon 9 years ago
parent
2bc3e83e1c
commit
f5c7f22cc8
5 changed files with 30 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      models/login.go
  2. 16
      modules/auth/ldap/ldap.go
  3. 3
      routers/admin/auths.go
  4. 6
      templates/admin/auth/edit.tmpl
  5. 2
      templates/admin/auth/new.tmpl

19
models/login.go
Unescape View File

@ -55,15 +55,15 @@ var (
) )
type LDAPConfig struct { type LDAPConfig struct {
ldap.Ldapsource *ldap.Source
} }
func (cfg *LDAPConfig) FromDB(bs []byte) error { func (cfg *LDAPConfig) FromDB(bs []byte) error {
return json.Unmarshal(bs, &cfg.Ldapsource) return json.Unmarshal(bs, &cfg)
} }
func (cfg *LDAPConfig) ToDB() ([]byte, error) { func (cfg *LDAPConfig) ToDB() ([]byte, error) {
return json.Marshal(cfg.Ldapsource) return json.Marshal(cfg)
} }
type SMTPConfig struct { type SMTPConfig struct {
@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
return false return false
} }
func (source *LoginSource) SkipVerify() bool {
switch source.Type {
case LDAP, DLDAP:
return source.LDAP().SkipVerify
case SMTP:
return source.SMTP().SkipVerify
}
return false
}
func (source *LoginSource) LDAP() *LDAPConfig { func (source *LoginSource) LDAP() *LDAPConfig {
return source.Cfg.(*LDAPConfig) return source.Cfg.(*LDAPConfig)
} }
@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) { func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
cfg := source.Cfg.(*LDAPConfig) cfg := source.Cfg.(*LDAPConfig)
directBind := (source.Type == DLDAP) directBind := (source.Type == DLDAP)
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind) fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
if !logged { if !logged {
// User not in LDAP, do nothing // User not in LDAP, do nothing
return nil, ErrUserNotExist{0, name} return nil, ErrUserNotExist{0, name}

16
modules/auth/ldap/ldap.go
Unescape View File

@ -7,6 +7,7 @@
package ldap package ldap
import ( import (
"crypto/tls"
"fmt" "fmt"
"github.com/gogits/gogs/modules/ldap" "github.com/gogits/gogs/modules/ldap"
@ -14,11 +15,12 @@ import (
) )
// Basic LDAP authentication service // Basic LDAP authentication service
type Ldapsource struct { type Source struct {
Name string // canonical name (ie. corporate.ad) Name string // canonical name (ie. corporate.ad)
Host string // LDAP host Host string // LDAP host
Port int // port number Port int // port number
UseSSL bool // Use SSL UseSSL bool // Use SSL
SkipVerify bool
BindDN string // DN to bind with BindDN string // DN to bind with
BindPassword string // Bind DN password BindPassword string // Bind DN password
UserBase string // Base search path for users UserBase string // Base search path for users
@ -31,7 +33,7 @@ type Ldapsource struct {
Enabled bool // if this source is disabled Enabled bool // if this source is disabled
} }
func (ls Ldapsource) FindUserDN(name string) (string, bool) { func (ls *Source) FindUserDN(name string) (string, bool) {
l, err := ldapDial(ls) l, err := ldapDial(ls)
if err != nil { if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
} }
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) { func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
var userDN string var userDN string
if directBind { if directBind {
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN) log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
return name_attr, sn_attr, mail_attr, admin_attr, true return name_attr, sn_attr, mail_attr, admin_attr, true
} }
func ldapDial(ls Ldapsource) (*ldap.Conn, error) { func ldapDial(ls *Source) (*ldap.Conn, error) {
if ls.UseSSL { if ls.UseSSL {
log.Debug("Using TLS for LDAP") log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
InsecureSkipVerify: ls.SkipVerify,
})
} else { } else {
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
} }

3
routers/admin/auths.go
Unescape View File

@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig { func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
return &models.LDAPConfig{ return &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{ Source: &ldap.Source{
Name: form.Name, Name: form.Name,
Host: form.Host, Host: form.Host,
Port: form.Port, Port: form.Port,
UseSSL: form.TLS, UseSSL: form.TLS,
SkipVerify: form.SkipVerify,
BindDN: form.BindDN, BindDN: form.BindDN,
UserDN: form.UserDN, UserDN: form.UserDN,
BindPassword: form.BindPassword, BindPassword: form.BindPassword,

6
templates/admin/auth/edit.tmpl
Unescape View File

@ -123,14 +123,12 @@
<input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}> <input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
</div> </div>
</div> </div>
{{if .Source.IsSMTP}} <div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}">
<div class="inline field">
<div class="ui checkbox"> <div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label> <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}> <input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
</div> </div>
</div> </div>
{{end}}
<div class="inline field"> <div class="inline field">
<div class="ui checkbox"> <div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label> <label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>

2
templates/admin/auth/new.tmpl
Unescape View File

@ -122,7 +122,7 @@
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}> <input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
</div> </div>
</div> </div>
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}"> <div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}">
<div class="ui checkbox"> <div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label> <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}> <input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>

Write Preview
Loading…
Cancel
Save