Unknwon
10 years ago
5 changed files with 30 additions and 16 deletions
Split View
Diff Options
-
+15 -4models/login.go
-
+10 -6modules/auth/ldap/ldap.go
-
+2 -1routers/admin/auths.go
-
+2 -4templates/admin/auth/edit.tmpl
-
+1 -1templates/admin/auth/new.tmpl
+ 15
- 4
models/login.go
View File
| @@ -55,15 +55,15 @@ var ( | |||
| ) | |||
| type LDAPConfig struct { | |||
| ldap.Ldapsource | |||
| *ldap.Source | |||
| } | |||
| func (cfg *LDAPConfig) FromDB(bs []byte) error { | |||
| return json.Unmarshal(bs, &cfg.Ldapsource) | |||
| return json.Unmarshal(bs, &cfg) | |||
| } | |||
| func (cfg *LDAPConfig) ToDB() ([]byte, error) { | |||
| return json.Marshal(cfg.Ldapsource) | |||
| return json.Marshal(cfg) | |||
| } | |||
| type SMTPConfig struct { | |||
| @@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool { | |||
| return false | |||
| } | |||
| func (source *LoginSource) SkipVerify() bool { | |||
| switch source.Type { | |||
| case LDAP, DLDAP: | |||
| return source.LDAP().SkipVerify | |||
| case SMTP: | |||
| return source.SMTP().SkipVerify | |||
| } | |||
| return false | |||
| } | |||
| func (source *LoginSource) LDAP() *LDAPConfig { | |||
| return source.Cfg.(*LDAPConfig) | |||
| } | |||
| @@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error { | |||
| func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) { | |||
| cfg := source.Cfg.(*LDAPConfig) | |||
| directBind := (source.Type == DLDAP) | |||
| fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind) | |||
| fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind) | |||
| if !logged { | |||
| // User not in LDAP, do nothing | |||
| return nil, ErrUserNotExist{0, name} | |||
+ 10
- 6
modules/auth/ldap/ldap.go
View File
| @@ -7,6 +7,7 @@ | |||
| package ldap | |||
| import ( | |||
| "crypto/tls" | |||
| "fmt" | |||
| "github.com/gogits/gogs/modules/ldap" | |||
| @@ -14,11 +15,12 @@ import ( | |||
| ) | |||
| // Basic LDAP authentication service | |||
| type Ldapsource struct { | |||
| type Source struct { | |||
| Name string // canonical name (ie. corporate.ad) | |||
| Host string // LDAP host | |||
| Port int // port number | |||
| UseSSL bool // Use SSL | |||
| SkipVerify bool | |||
| BindDN string // DN to bind with | |||
| BindPassword string // Bind DN password | |||
| UserBase string // Base search path for users | |||
| @@ -31,7 +33,7 @@ type Ldapsource struct { | |||
| Enabled bool // if this source is disabled | |||
| } | |||
| func (ls Ldapsource) FindUserDN(name string) (string, bool) { | |||
| func (ls *Source) FindUserDN(name string) (string, bool) { | |||
| l, err := ldapDial(ls) | |||
| if err != nil { | |||
| log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err) | |||
| @@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) { | |||
| } | |||
| // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter | |||
| func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) { | |||
| func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) { | |||
| var userDN string | |||
| if directBind { | |||
| log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN) | |||
| @@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, | |||
| return name_attr, sn_attr, mail_attr, admin_attr, true | |||
| } | |||
| func ldapDial(ls Ldapsource) (*ldap.Conn, error) { | |||
| func ldapDial(ls *Source) (*ldap.Conn, error) { | |||
| if ls.UseSSL { | |||
| log.Debug("Using TLS for LDAP") | |||
| return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil) | |||
| log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify) | |||
| return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{ | |||
| InsecureSkipVerify: ls.SkipVerify, | |||
| }) | |||
| } else { | |||
| return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port)) | |||
| } | |||
+ 2
- 1
routers/admin/auths.go
View File
| @@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) { | |||
| func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig { | |||
| return &models.LDAPConfig{ | |||
| Ldapsource: ldap.Ldapsource{ | |||
| Source: &ldap.Source{ | |||
| Name: form.Name, | |||
| Host: form.Host, | |||
| Port: form.Port, | |||
| UseSSL: form.TLS, | |||
| SkipVerify: form.SkipVerify, | |||
| BindDN: form.BindDN, | |||
| UserDN: form.UserDN, | |||
| BindPassword: form.BindPassword, | |||
+ 2
- 4
templates/admin/auth/edit.tmpl
View File
| @@ -123,14 +123,12 @@ | |||
| <input name="tls" type="checkbox" {{if .Source.UseTLS}}checked{{end}}> | |||
| </div> | |||
| </div> | |||
| {{if .Source.IsSMTP}} | |||
| <div class="inline field"> | |||
| <div class="inline field {{if not (or (or .Source.IsLDAP .Source.IsDLDAP) .Source.IsSMTP)}}hide{{end}}"> | |||
| <div class="ui checkbox"> | |||
| <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label> | |||
| <input name="skip_verify" type="checkbox" {{if .Source.SMTP.SkipVerify}}checked{{end}}> | |||
| <input name="skip_verify" type="checkbox" {{if .Source.SkipVerify}}checked{{end}}> | |||
| </div> | |||
| </div> | |||
| {{end}} | |||
| <div class="inline field"> | |||
| <div class="ui checkbox"> | |||
| <label><strong>{{.i18n.Tr "admin.auths.activated"}}</strong></label> | |||
+ 1
- 1
templates/admin/auth/new.tmpl
View File
| @@ -122,7 +122,7 @@ | |||
| <input name="tls" type="checkbox" {{if .tls}}checked{{end}}> | |||
| </div> | |||
| </div> | |||
| <div class="smtp inline field {{if not (eq .type 3)}}hide{{end}}"> | |||
| <div class="ldap dldap smtp inline field {{if not (or (or (eq .type 2) (eq .type 5)) (eq .type 3))}}hide{{end}}"> | |||
| <div class="ui checkbox"> | |||
| <label><strong>{{.i18n.Tr "admin.auths.skip_tls_verify"}}</strong></label> | |||
| <input name="skip_verify" type="checkbox" {{if .skip_verify}}checked{{end}}> | |||