forked from gitea/gitea
#1637 able to skip verify for LDAP
This commit is contained in:
parent
2bc3e83e1c
commit
f5c7f22cc8
|
@ -55,15 +55,15 @@ var (
|
|||
)
|
||||
|
||||
type LDAPConfig struct {
|
||||
ldap.Ldapsource
|
||||
*ldap.Source
|
||||
}
|
||||
|
||||
func (cfg *LDAPConfig) FromDB(bs []byte) error {
|
||||
return json.Unmarshal(bs, &cfg.Ldapsource)
|
||||
return json.Unmarshal(bs, &cfg)
|
||||
}
|
||||
|
||||
func (cfg *LDAPConfig) ToDB() ([]byte, error) {
|
||||
return json.Marshal(cfg.Ldapsource)
|
||||
return json.Marshal(cfg)
|
||||
}
|
||||
|
||||
type SMTPConfig struct {
|
||||
|
@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func (source *LoginSource) SkipVerify() bool {
|
||||
switch source.Type {
|
||||
case LDAP, DLDAP:
|
||||
return source.LDAP().SkipVerify
|
||||
case SMTP:
|
||||
return source.SMTP().SkipVerify
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
func (source *LoginSource) LDAP() *LDAPConfig {
|
||||
return source.Cfg.(*LDAPConfig)
|
||||
}
|
||||
|
@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
|
|||
func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
|
||||
cfg := source.Cfg.(*LDAPConfig)
|
||||
directBind := (source.Type == DLDAP)
|
||||
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)
|
||||
fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
|
||||
if !logged {
|
||||
// User not in LDAP, do nothing
|
||||
return nil, ErrUserNotExist{0, name}
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
package ldap
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
|
||||
"github.com/gogits/gogs/modules/ldap"
|
||||
|
@ -14,11 +15,12 @@ import (
|
|||
)
|
||||
|
||||
// Basic LDAP authentication service
|
||||
type Ldapsource struct {
|
||||
type Source struct {
|
||||
Name string // canonical name (ie. corporate.ad)
|
||||
Host string // LDAP host
|
||||
Port int // port number
|
||||
UseSSL bool // Use SSL
|
||||
SkipVerify bool
|
||||
BindDN string // DN to bind with
|
||||
BindPassword string // Bind DN password
|
||||
UserBase string // Base search path for users
|
||||
|
@ -31,7 +33,7 @@ type Ldapsource struct {
|
|||
Enabled bool // if this source is disabled
|
||||
}
|
||||
|
||||
func (ls Ldapsource) FindUserDN(name string) (string, bool) {
|
||||
func (ls *Source) FindUserDN(name string) (string, bool) {
|
||||
l, err := ldapDial(ls)
|
||||
if err != nil {
|
||||
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
|
||||
|
@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
|
|||
}
|
||||
|
||||
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
|
||||
func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
|
||||
func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
|
||||
var userDN string
|
||||
if directBind {
|
||||
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
|
||||
|
@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
|
|||
return name_attr, sn_attr, mail_attr, admin_attr, true
|
||||
}
|
||||
|
||||
func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
|
||||
func ldapDial(ls *Source) (*ldap.Conn, error) {
|
||||
if ls.UseSSL {
|
||||
log.Debug("Using TLS for LDAP")
|
||||
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
|
||||
log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
|
||||
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
|
||||
InsecureSkipVerify: ls.SkipVerify,
|
||||
})
|
||||
} else {
|
||||
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
|
||||
}
|
||||
|
|
|
@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
|
|||
|
||||
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
|
||||
return &models.LDAPConfig{
|
||||
Ldapsource: ldap.Ldapsource{
|
||||
Source: &ldap.Source{
|
||||
Name: form.Name,
|
||||
Host: form.Host,
|
||||
Port: form.Port,
|
||||
UseSSL: form.TLS,
|
||||
SkipVerify: form.SkipVerify,
|
||||
BindDN: form.BindDN,
|
||||
UserDN: form.UserDN,
|
||||
BindPassword: form.BindPassword,
|
||||
|
|
|
@ -123,14 +123,12 @@
|
|||
<input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
{{if .Source.IsSMTP}}
|
||||
<div class="inline field">
|
||||
<div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}">
|
||||
<div class="ui checkbox">
|
||||
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
||||
<input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}>
|
||||
<input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
<div class="inline field">
|
||||
<div class="ui checkbox">
|
||||
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>
|
||||
|
|
|
@ -122,7 +122,7 @@
|
|||
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
|
||||
</div>
|
||||
</div>
|
||||
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}">
|
||||
<div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}">
|
||||
<div class="ui checkbox">
|
||||
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
|
||||
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>
|
||||
|
|
Loading…
Reference in New Issue