#1637 able to skip verify for LDAP

tokarchuk/v1.17
Unknwon 9 years ago
parent 2bc3e83e1c
commit f5c7f22cc8
  1. 19
      models/login.go
  2. 16
      modules/auth/ldap/ldap.go
  3. 3
      routers/admin/auths.go
  4. 6
      templates/admin/auth/edit.tmpl
  5. 2
      templates/admin/auth/new.tmpl

@ -55,15 +55,15 @@ var (
) )
type LDAPConfig struct { type LDAPConfig struct {
ldap.Ldapsource *ldap.Source
} }
func (cfg *LDAPConfig) FromDB(bs []byte) error { func (cfg *LDAPConfig) FromDB(bs []byte) error {
return json.Unmarshal(bs, &cfg.Ldapsource) return json.Unmarshal(bs, &cfg)
} }
func (cfg *LDAPConfig) ToDB() ([]byte, error) { func (cfg *LDAPConfig) ToDB() ([]byte, error) {
return json.Marshal(cfg.Ldapsource) return json.Marshal(cfg)
} }
type SMTPConfig struct { type SMTPConfig struct {
@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
return false return false
} }
func (source *LoginSource) SkipVerify() bool {
switch source.Type {
case LDAP, DLDAP:
return source.LDAP().SkipVerify
case SMTP:
return source.SMTP().SkipVerify
}
return false
}
func (source *LoginSource) LDAP() *LDAPConfig { func (source *LoginSource) LDAP() *LDAPConfig {
return source.Cfg.(*LDAPConfig) return source.Cfg.(*LDAPConfig)
} }
@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) { func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
cfg := source.Cfg.(*LDAPConfig) cfg := source.Cfg.(*LDAPConfig)
directBind := (source.Type == DLDAP) directBind := (source.Type == DLDAP)
fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind) fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
if !logged { if !logged {
// User not in LDAP, do nothing // User not in LDAP, do nothing
return nil, ErrUserNotExist{0, name} return nil, ErrUserNotExist{0, name}
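Review bot: The new `SkipVerify` method reads `source.LDAP().SkipVerify` through the embedded `*ldap.Source`, which this commit changes from a value to a pointer, so a config whose embedded pointer was never populated would panic here instead of returning false. Whether `FromDB` can leave it nil (for example on an empty or `null` payload) is not visible in this hunk, but the edit template now calls `.Source.SkipVerify`, so a guard is cheap: `if cfg := source.LDAP(); cfg.Source != nil { return cfg.SkipVerify }`. The method is exported and would also benefit from a doc comment such as `// SkipVerify reports whether TLS certificate verification is disabled for this source.` `LoginUserLDAPSource` continues past the end of the hunk.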

@ -7,6 +7,7 @@
package ldap package ldap
import ( import (
"crypto/tls"
"fmt" "fmt"
"github.com/gogits/gogs/modules/ldap" "github.com/gogits/gogs/modules/ldap"
@ -14,11 +15,12 @@ import (
) )
// Basic LDAP authentication service // Basic LDAP authentication service
type Ldapsource struct { type Source struct {
Name string // canonical name (ie. corporate.ad) Name string // canonical name (ie. corporate.ad)
Host string // LDAP host Host string // LDAP host
Port int // port number Port int // port number
UseSSL bool // Use SSL UseSSL bool // Use SSL
SkipVerify bool
BindDN string // DN to bind with BindDN string // DN to bind with
BindPassword string // Bind DN password BindPassword string // Bind DN password
UserBase string // Base search path for users UserBase string // Base search path for users
@ -31,7 +33,7 @@ type Ldapsource struct {
Enabled bool // if this source is disabled Enabled bool // if this source is disabled
} }
func (ls Ldapsource) FindUserDN(name string) (string, bool) { func (ls *Source) FindUserDN(name string) (string, bool) {
l, err := ldapDial(ls) l, err := ldapDial(ls)
if err != nil { if err != nil {
log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
} }
// searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) { func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
var userDN string var userDN string
if directBind { if directBind {
log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN) log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
return name_attr, sn_attr, mail_attr, admin_attr, true return name_attr, sn_attr, mail_attr, admin_attr, true
} }
func ldapDial(ls Ldapsource) (*ldap.Conn, error) { func ldapDial(ls *Source) (*ldap.Conn, error) {
if ls.UseSSL { if ls.UseSSL {
log.Debug("Using TLS for LDAP") log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
InsecureSkipVerify: ls.SkipVerify,
})
} else { } else {
return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
} }
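Review bot: When `ls.SkipVerify` is true, `ldapDial` passes `InsecureSkipVerify: true` to `ldap.DialTLS`, so the bind DN password and each user's password are sent to a server whose identity is not checked. The only trace is a debug-level message whose wording is ambiguous (it reads "without verifying: false" in the safe case). I would log the insecure case separately at a level operators see by default, and document the field, which is the only one added to `Source` without a comment: `SkipVerify bool // skip TLS certificate verification (bind credentials can be intercepted)`. Setting `ServerName: ls.Host` explicitly in the `tls.Config` would also make the verified path independent of how the vendored `DialTLS` derives the name.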

@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig { func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
return &models.LDAPConfig{ return &models.LDAPConfig{
Ldapsource: ldap.Ldapsource{ Source: &ldap.Source{
Name: form.Name, Name: form.Name,
Host: form.Host, Host: form.Host,
Port: form.Port, Port: form.Port,
UseSSL: form.TLS, UseSSL: form.TLS,
SkipVerify: form.SkipVerify,
BindDN: form.BindDN, BindDN: form.BindDN,
UserDN: form.UserDN, UserDN: form.UserDN,
BindPassword: form.BindPassword, BindPassword: form.BindPassword,

@ -123,14 +123,12 @@
<input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}> <input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}>
</div> </div>
</div> </div>
{{if .Source.IsSMTP}} <div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}">
<div class="inline field">
<div class="ui checkbox"> <div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label> <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}> <input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}>
</div> </div>
</div> </div>
{{end}}
<div class="inline field"> <div class="inline field">
<div class="ui checkbox"> <div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label> <label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label>
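Review bot: The skip-verify checkbox is now offered for LDAP and DLDAP sources with only the `admin.auths.skip_tls_verify` label, and nothing tells the administrator that ticking it removes server authentication for LDAP binds. A short help line under the checkbox stating that would help; the same applies to the matching block in templates/admin/auth/new.tmpl. In new.tmpl the condition `(eq .type 2) (eq .type 5)` also relies on bare numeric type ids, so a template comment naming them (presumably LDAP and DLDAP) would make the condition easier to review.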

@ -122,7 +122,7 @@
<input name="tls" type="checkbox" {{if .tls}}checked{{end}}> <input name="tls" type="checkbox" {{if .tls}}checked{{end}}>
</div> </div>
</div> </div>
<div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}"> <div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}">
<div class="ui checkbox"> <div class="ui checkbox">
<label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label> <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label>
<input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}> <input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}>
