Security protocols
This commit is contained in:
parent
7612b5ec40
commit
05fd9d3f09
|
@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
|
||||||
}
|
}
|
||||||
|
|
||||||
var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
|
var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
|
||||||
ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
|
ldap.SecurityProtocolUnencrypted: "Unencrypted",
|
||||||
ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS",
|
ldap.SecurityProtocolLdaps: "LDAPS",
|
||||||
ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS",
|
ldap.SecurityProtocolStartTls: "StartTLS",
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure structs implemented interface.
|
// Ensure structs implemented interface.
|
||||||
|
@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
|
||||||
|
|
||||||
func (source *LoginSource) HasTLS() bool {
|
func (source *LoginSource) HasTLS() bool {
|
||||||
return ((source.IsLDAP() || source.IsDLDAP()) &&
|
return ((source.IsLDAP() || source.IsDLDAP()) &&
|
||||||
source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
|
source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
|
||||||
source.IsSMTP()
|
source.IsSMTP()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (source *LoginSource) UseTLS() bool {
|
func (source *LoginSource) UseTLS() bool {
|
||||||
switch source.Type {
|
switch source.Type {
|
||||||
case LoginLdap, LoginDldap:
|
case LoginLdap, LoginDldap:
|
||||||
return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
|
return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
|
||||||
case LoginSmtp:
|
case LoginSmtp:
|
||||||
return source.SMTP().TLS
|
return source.SMTP().TLS
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,9 +20,9 @@ type SecurityProtocol int
|
||||||
|
|
||||||
// Note: new type must be added at the end of list to maintain compatibility.
|
// Note: new type must be added at the end of list to maintain compatibility.
|
||||||
const (
|
const (
|
||||||
SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota
|
SecurityProtocolUnencrypted SecurityProtocol = iota
|
||||||
SECURITY_PROTOCOL_LDAPS
|
SecurityProtocolLdaps
|
||||||
SECURITY_PROTOCOL_START_TLS
|
SecurityProtocolStartTls
|
||||||
)
|
)
|
||||||
|
|
||||||
// Basic LDAP authentication service
|
// Basic LDAP authentication service
|
||||||
|
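Review bot: The new constant names `SecurityProtocolLdaps` and `SecurityProtocolStartTls` lower-case the LDAPS and TLS initialisms, whereas Go naming convention keeps initialisms in consistent case, so `SecurityProtocolLDAPS` and `SecurityProtocolStartTLS` would match the `HasTLS`/`UseTLS` methods touched elsewhere in this commit. The iota order in this block is unchanged, so the stored integer values remain compatible as the "new type must be added at the end of list" comment requires. The same identifiers are referenced in the `SecurityProtocolNames` map, the `securityProtocols` dropdown, the `NewAuthSource`/`NewAuthSourcePost` handlers and both `dial` hunks, so a naming change would need to be applied in those hunks too.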
@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
|
||||||
ServerName: ls.Host,
|
ServerName: ls.Host,
|
||||||
InsecureSkipVerify: ls.SkipVerify,
|
InsecureSkipVerify: ls.SkipVerify,
|
||||||
}
|
}
|
||||||
if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS {
|
if ls.SecurityProtocol == SecurityProtocolLdaps {
|
||||||
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
|
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
|
||||||
return nil, fmt.Errorf("Dial: %v", err)
|
return nil, fmt.Errorf("Dial: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS {
|
if ls.SecurityProtocol == SecurityProtocolStartTls {
|
||||||
if err = conn.StartTLS(tlsCfg); err != nil {
|
if err = conn.StartTLS(tlsCfg); err != nil {
|
||||||
conn.Close()
|
conn.Close()
|
||||||
return nil, fmt.Errorf("StartTLS: %v", err)
|
return nil, fmt.Errorf("StartTLS: %v", err)
|
||||||
|
|
|
@ -54,9 +54,9 @@ var (
|
||||||
{models.LoginNames[models.LoginPam], models.LoginPam},
|
{models.LoginNames[models.LoginPam], models.LoginPam},
|
||||||
}
|
}
|
||||||
securityProtocols = []dropdownItem{
|
securityProtocols = []dropdownItem{
|
||||||
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
|
{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
|
||||||
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
|
{models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
|
||||||
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
|
{models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
|
||||||
|
|
||||||
ctx.Data["type"] = models.LoginLdap
|
ctx.Data["type"] = models.LoginLdap
|
||||||
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
|
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
|
||||||
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
|
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
|
||||||
ctx.Data["smtp_auth"] = "PLAIN"
|
ctx.Data["smtp_auth"] = "PLAIN"
|
||||||
ctx.Data["is_active"] = true
|
ctx.Data["is_active"] = true
|
||||||
ctx.Data["AuthSources"] = authSources
|
ctx.Data["AuthSources"] = authSources
|
||||||
|
@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
|
||||||
switch models.LoginType(form.Type) {
|
switch models.LoginType(form.Type) {
|
||||||
case models.LoginLdap, models.LoginDldap:
|
case models.LoginLdap, models.LoginDldap:
|
||||||
config = parseLDAPConfig(form)
|
config = parseLDAPConfig(form)
|
||||||
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
|
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
|
||||||
case models.LoginSmtp:
|
case models.LoginSmtp:
|
||||||
config = parseSMTPConfig(form)
|
config = parseSMTPConfig(form)
|
||||||
hasTLS = true
|
hasTLS = true
|
||||||
|
|