Browse Source

#1637 able to skip verify for LDAP

for-closed-social
Unknwon 9 years ago
parent
commit
f5c7f22cc8
5 changed files with 30 additions and 16 deletions
  1. +15
    -4
      models/login.go
  2. +10
    -6
      modules/auth/ldap/ldap.go
  3. +2
    -1
      routers/admin/auths.go
  4. +2
    -4
      templates/admin/auth/edit.tmpl
  5. +1
    -1
      templates/admin/auth/new.tmpl

+ 15
- 4
models/login.go View File

@ -55,15 +55,15 @@ var (
)
type LDAPConfig struct {
ldap.Ldapsource
*ldap.Source
}
func (cfg *LDAPConfig) FromDB(bs []byte) error {
return json.Unmarshal(bs, &cfg.Ldapsource)
return json.Unmarshal(bs, &cfg)
}
func (cfg *LDAPConfig) ToDB() ([]byte, error) {
return json.Marshal(cfg.Ldapsource)
return json.Marshal(cfg)
}
type SMTPConfig struct {
@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
return false
}
func (source *LoginSource) SkipVerify() bool {
switch source.Type {
case LDAP, DLDAP:
return source.LDAP().SkipVerify
case SMTP:
return source.SMTP().SkipVerify
}
return false
}
func (source *LoginSource) LDAP() *LDAPConfig {
return source.Cfg.(*LDAPConfig)
}
@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
cfg := source.Cfg.(*LDAPConfig)
directBind := (source.Type == DLDAP)
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)
fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
if !logged {
// User not in LDAP, do nothing
return nil, ErrUserNotExist{0, name}

+ 10
- 6
modules/auth/ldap/ldap.go View File

@ -7,6 +7,7 @@
package ldap
import (
"crypto/tls"
"fmt"
"github.com/gogits/gogs/modules/ldap"
@ -14,11 +15,12 @@ import (
)
// Basic LDAP authentication service
type Ldapsource struct {
type Source struct {
Name string // canonical name (ie. corporate.ad)
Host string // LDAP host
Port int // port number
UseSSL bool // Use SSL
SkipVerify bool
BindDN string // DN to bind with
BindPassword string // Bind DN password
UserBase string // Base search path for users
@ -31,7 +33,7 @@ type Ldapsource struct {
Enabled bool // if this source is disabled
}
func (ls Ldapsource) FindUserDN(name string) (string, bool) {
func (ls *Source) FindUserDN(name string) (string, bool) {
l, err := ldapDial(ls)
if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
}
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
var userDN string
if directBind {
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
return name_attr, sn_attr, mail_attr, admin_attr, true
}
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
func ldapDial(ls *Source) (*ldap.Conn, error) {
if ls.UseSSL {
log.Debug("Using TLS for LDAP")
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
InsecureSkipVerify: ls.SkipVerify,
})
} else {
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
}

+ 2
- 1
routers/admin/auths.go View File

@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
return &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{
Source: &ldap.Source{
Name: form.Name,
Host: form.Host,
Port: form.Port,
UseSSL: form.TLS,
SkipVerify: form.SkipVerify,
BindDN: form.BindDN,
UserDN: form.UserDN,
BindPassword: form.BindPassword,

+ 2
- 4
templates/admin/auth/edit.tmpl View File

@ -123,14 +123,12 @@
<input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
</div>
</div>
{{if .Source.IsSMTP}}
<div class="inline field">
<div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}>
<input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
</div>
</div>
{{end}}
<div class="inline field">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>

+ 1
- 1
templates/admin/auth/new.tmpl View File

@ -122,7 +122,7 @@
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
</div>
</div>
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}">
<div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}">
<div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>

Loading…
Cancel
Save