#1637 able to skip verify for LDAP
This commit is contained in:
parent
2bc3e83e1c
commit
f5c7f22cc8
|
@ -55,15 +55,15 @@ var (
|
||||||
)
|
)
|
||||||
|
|
||||||
type LDAPConfig struct {
|
type LDAPConfig struct {
|
||||||
ldap.Ldapsource
|
*ldap.Source
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cfg *LDAPConfig) FromDB(bs []byte) error {
|
func (cfg *LDAPConfig) FromDB(bs []byte) error {
|
||||||
return json.Unmarshal(bs, &cfg.Ldapsource)
|
return json.Unmarshal(bs, &cfg)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cfg *LDAPConfig) ToDB() ([]byte, error) {
|
func (cfg *LDAPConfig) ToDB() ([]byte, error) {
|
||||||
return json.Marshal(cfg.Ldapsource)
|
return json.Marshal(cfg)
|
||||||
}
|
}
|
||||||
|
|
||||||
type SMTPConfig struct {
|
type SMTPConfig struct {
|
||||||
|
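Review bot: `FromDB` takes the address of a pointer in `json.Unmarshal(bs, &cfg)`; `cfg` is already a `*LDAPConfig`, so the conventional call is `return json.Unmarshal(bs, cfg)` — the double indirection decodes correctly but reads like a mistake. With `ldap.Source` now embedded by pointer, a stored record that decodes with none of its fields, or an `LDAPConfig` built without a `Source`, leaves the embedded pointer nil, and the new `SkipVerify()` in the next hunk would then dereference it through the promoted field; whether every constructor sets it is not visible here, so a nil guard or a doc comment stating that `Source` must be non-nil seems warranted. `SkipVerify` is exported and undocumented; `// SkipVerify reports whether TLS certificate verification is disabled for this source; false for types that do not use TLS.` would follow the doc-comment convention. Marshalling the embedding struct instead of the embedded value keeps the JSON field layout unchanged, so existing rows still decode.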
@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (source *LoginSource) SkipVerify() bool {
|
||||||
|
switch source.Type {
|
||||||
|
case LDAP, DLDAP:
|
||||||
|
return source.LDAP().SkipVerify
|
||||||
|
case SMTP:
|
||||||
|
return source.SMTP().SkipVerify
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func (source *LoginSource) LDAP() *LDAPConfig {
|
func (source *LoginSource) LDAP() *LDAPConfig {
|
||||||
return source.Cfg.(*LDAPConfig)
|
return source.Cfg.(*LDAPConfig)
|
||||||
}
|
}
|
||||||
|
@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
|
||||||
func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
|
func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
|
||||||
cfg := source.Cfg.(*LDAPConfig)
|
cfg := source.Cfg.(*LDAPConfig)
|
||||||
directBind := (source.Type == DLDAP)
|
directBind := (source.Type == DLDAP)
|
||||||
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)
|
fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
|
||||||
if !logged {
|
if !logged {
|
||||||
// User not in LDAP, do nothing
|
// User not in LDAP, do nothing
|
||||||
return nil, ErrUserNotExist{0, name}
|
return nil, ErrUserNotExist{0, name}
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
package ldap
|
package ldap
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/gogits/gogs/modules/ldap"
|
"github.com/gogits/gogs/modules/ldap"
|
||||||
|
@ -14,11 +15,12 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// Basic LDAP authentication service
|
// Basic LDAP authentication service
|
||||||
type Ldapsource struct {
|
type Source struct {
|
||||||
Name string // canonical name (ie. corporate.ad)
|
Name string // canonical name (ie. corporate.ad)
|
||||||
Host string // LDAP host
|
Host string // LDAP host
|
||||||
Port int // port number
|
Port int // port number
|
||||||
UseSSL bool // Use SSL
|
UseSSL bool // Use SSL
|
||||||
|
SkipVerify bool
|
||||||
BindDN string // DN to bind with
|
BindDN string // DN to bind with
|
||||||
BindPassword string // Bind DN password
|
BindPassword string // Bind DN password
|
||||||
UserBase string // Base search path for users
|
UserBase string // Base search path for users
|
||||||
|
@ -31,7 +33,7 @@ type Ldapsource struct {
|
||||||
Enabled bool // if this source is disabled
|
Enabled bool // if this source is disabled
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ls Ldapsource) FindUserDN(name string) (string, bool) {
|
func (ls *Source) FindUserDN(name string) (string, bool) {
|
||||||
l, err := ldapDial(ls)
|
l, err := ldapDial(ls)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
|
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
|
||||||
|
@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
|
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
|
||||||
func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
|
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
|
||||||
var userDN string
|
var userDN string
|
||||||
if directBind {
|
if directBind {
|
||||||
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
|
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
|
||||||
|
@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
|
||||||
return name_attr, sn_attr, mail_attr, admin_attr, true
|
return name_attr, sn_attr, mail_attr, admin_attr, true
|
||||||
}
|
}
|
||||||
|
|
||||||
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
|
func ldapDial(ls *Source) (*ldap.Conn, error) {
|
||||||
if ls.UseSSL {
|
if ls.UseSSL {
|
||||||
log.Debug("Using TLS for LDAP")
|
log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
|
||||||
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
|
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
|
||||||
|
InsecureSkipVerify: ls.SkipVerify,
|
||||||
|
})
|
||||||
} else {
|
} else {
|
||||||
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
||||||
}
|
}
|
||||||
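Review bot: `ldapDial` now builds a `tls.Config` whose only field is `InsecureSkipVerify: ls.SkipVerify`, so when the option is enabled the server certificate is not checked at all and the bind DN password and the user's password from `SearchEntry` travel over a connection whose peer is unauthenticated; that is a deliberate opt-out, but it should be visible to operators, so log it at warning level when `ls.SkipVerify` is true rather than `log.Debug`, and the message reads oddly when the value is false — `"Using TLS for LDAP (InsecureSkipVerify=%v)"` says the same thing unambiguously. The config also leaves `ServerName` unset; whether `ldap.DialTLS` fills it from the address the way `crypto/tls.Dial` does depends on the vendored module, which is not visible here, so either confirm that or set `ServerName: ls.Host` explicitly, otherwise hostname verification cannot succeed even with `SkipVerify` false. In the struct hunk above, the new `SkipVerify` field is the only one without a trailing comment; `SkipVerify bool // skip TLS certificate verification (insecure: disables server authentication)` would match its neighbours.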
|
|
|
@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
|
||||||
|
|
||||||
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
||||||
return &models.LDAPConfig{
|
return &models.LDAPConfig{
|
||||||
Ldapsource: ldap.Ldapsource{
|
Source: &ldap.Source{
|
||||||
Name: form.Name,
|
Name: form.Name,
|
||||||
Host: form.Host,
|
Host: form.Host,
|
||||||
Port: form.Port,
|
Port: form.Port,
|
||||||
UseSSL: form.TLS,
|
UseSSL: form.TLS,
|
||||||
|
SkipVerify: form.SkipVerify,
|
||||||
BindDN: form.BindDN,
|
BindDN: form.BindDN,
|
||||||
UserDN: form.UserDN,
|
UserDN: form.UserDN,
|
||||||
BindPassword: form.BindPassword,
|
BindPassword: form.BindPassword,
|
||||||
|
|
|
@ -123,14 +123,12 @@
|
||||||
<input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
|
<input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{{if .Source.IsSMTP}}
|
<div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}">
|
||||||
<div class="inline field">
|
|
||||||
<div class="ui checkbox">
|
<div class="ui checkbox">
|
||||||
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
||||||
<input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}>
|
<input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
{{end}}
|
|
||||||
<div class="inline field">
|
<div class="inline field">
|
||||||
<div class="ui checkbox">
|
<div class="ui checkbox">
|
||||||
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>
|
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>
|
||||||
|
|
|
@ -122,7 +122,7 @@
|
||||||
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
|
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}">
|
<div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}">
|
||||||
<div class="ui checkbox">
|
<div class="ui checkbox">
|
||||||
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
||||||
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>
|
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>
|
||||||
|
|