diff --git a/models/login.go b/models/login.go
index 1b7ecdf417..79a262c575 100644
--- a/models/login.go
+++ b/models/login.go
@@ -55,15 +55,15 @@ var (
 )
 type LDAPConfig struct {
- ldap.Ldapsource
+ *ldap.Source
 }
 func (cfg *LDAPConfig) FromDB(bs []byte) error {
- return json.Unmarshal(bs, &cfg.Ldapsource)
+ return json.Unmarshal(bs, &cfg)
 }
 func (cfg *LDAPConfig) ToDB() ([]byte, error) {
- return json.Marshal(cfg.Ldapsource)
+ return json.Marshal(cfg)
 }
 type SMTPConfig struct {
@@ -152,6 +152,17 @@ func (source *LoginSource) UseTLS() bool {
 return false
 }
+func (source *LoginSource) SkipVerify() bool {
+ switch source.Type {
+ case LDAP, DLDAP:
+ return source.LDAP().SkipVerify
+ case SMTP:
+ return source.SMTP().SkipVerify
+ }
+
+ return false
+ }
+
 func (source *LoginSource) LDAP() *LDAPConfig {
 return source.Cfg.(*LDAPConfig)
 }
@@ -221,7 +232,7 @@ func DeleteSource(source *LoginSource) error {
 func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 cfg := source.Cfg.(*LDAPConfig)
 directBind := (source.Type == DLDAP)
- fn, sn, mail, admin, logged := cfg.Ldapsource.SearchEntry(name, passwd, directBind)
+ fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
 if !logged {
 // User not in LDAP, do nothing
 return nil, ErrUserNotExist{0, name}
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 3e6f9731c1..1f87690526 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -7,6 +7,7 @@ package ldap
 import (
+ "crypto/tls"
 "fmt"
 "github.com/gogits/gogs/modules/ldap"
@@ -14,11 +15,12 @@ import (
 )
 // Basic LDAP authentication service
-type Ldapsource struct {
+type Source struct {
 Name string // canonical name (ie. corporate.ad)
 Host string // LDAP host
 Port int // port number
 UseSSL bool // Use SSL
+ SkipVerify bool
 BindDN string // DN to bind with
 BindPassword string // Bind DN password
 UserBase string // Base search path for users
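Review bot: `json.Unmarshal(bs, &cfg)` in the new FromDB passes a `**LDAPConfig`; it only works because `cfg` is already non-nil and encoding/json walks through the extra pointer, and `json.Unmarshal(bs, cfg)` says the same thing without the indirection. Since the only field is now an embedded `*ldap.Source`, decoding also relies on encoding/json allocating that nil embedded pointer for an exported type, and ToDB on a config whose `Source` is nil now emits `{}` instead of a real error. A round-trip test of ToDB/FromDB against a row written by the old `cfg.Ldapsource` form would pin that the stored JSON shape is unchanged and that a nil `Source` is rejected rather than silently persisted.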
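Review bot: The new `SkipVerify` accessor has no doc comment and its result is only meaningful when `UseTLS()` (the method just above it) is true; suggest `// SkipVerify reports whether TLS certificate verification is disabled for this source. Only meaningful when UseTLS() is true.` It also inherits the panic-on-mismatch behaviour of `LDAP()`, whose `source.Cfg.(*LDAPConfig)` is an unchecked type assertion, so a source row with a malformed Cfg takes down the request rather than returning false.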
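Review bot: `SkipVerify bool` is the only field in `Source` without a trailing comment, and it is the one an administrator can most easily misuse; suggest `SkipVerify bool // Skip TLS certificate verification (insecure: the bind password and user credentials sent over this connection can be intercepted)`. The struct continues past the end of the hunk.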
@@ -31,7 +33,7 @@ type Ldapsource struct {
 Enabled bool // if this source is disabled
 }
-func (ls Ldapsource) FindUserDN(name string) (string, bool) {
+func (ls *Source) FindUserDN(name string) (string, bool) {
 l, err := ldapDial(ls)
 if err != nil {
 log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
@@ -79,7 +81,7 @@ func (ls Ldapsource) FindUserDN(name string) (string, bool) {
 }
 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
 var userDN string
 if directBind {
 log.Trace("LDAP will bind directly via UserDN: %s", ls.UserDN)
@@ -154,10 +156,12 @@ func (ls Ldapsource) SearchEntry(name, passwd string, directBind bool) (string,
 return name_attr, sn_attr, mail_attr, admin_attr, true
 }
-func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
+func ldapDial(ls *Source) (*ldap.Conn, error) {
 if ls.UseSSL {
- log.Debug("Using TLS for LDAP")
- return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+ log.Debug("Using TLS for LDAP without verifying: %v", ls.SkipVerify)
+ return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), &tls.Config{
+ InsecureSkipVerify: ls.SkipVerify,
+ })
 } else {
 return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
 }
diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index a218ee09b7..e264f7a8ba 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
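Review bot: The `tls.Config` built in ldapDial sets only `InsecureSkipVerify`; when SkipVerify is false, crypto/tls refuses the handshake unless `ServerName` or `InsecureSkipVerify` is set, so the verifying path depends on the vendored `ldap.DialTLS` filling `ServerName` from the address the way `tls.Dial` does — if it hands the config to `tls.Client` instead, every verified connection fails. Adding `ServerName: ls.Host,` next to `InsecureSkipVerify` makes the config correct either way (Host then needs to be a hostname matching the certificate, not a bare IP). Disabling verification also deserves more than a debug line, since the bind password and user credentials then go to an unauthenticated peer: something like `if ls.SkipVerify { log.Warn("LDAP %s: TLS certificate verification disabled", ls.Host) }`, using whatever warning level the log package offers. The current message `"Using TLS for LDAP without verifying: %v"` reads as "not verifying" even when the value printed is false.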
@@ -67,11 +67,12 @@ func NewAuthSource(ctx *middleware.Context) {
 func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
 return &models.LDAPConfig{
- Ldapsource: ldap.Ldapsource{
+ Source: &ldap.Source{
 Name: form.Name,
 Host: form.Host,
 Port: form.Port,
 UseSSL: form.TLS,
+ SkipVerify: form.SkipVerify,
 BindDN: form.BindDN,
 UserDN: form.UserDN,
 BindPassword: form.BindPassword,
diff --git a/templates/admin/auth/edit.tmpl b/templates/admin/auth/edit.tmpl
index 377bbbcffa..1cd647cc56 100644
--- a/templates/admin/auth/edit.tmpl
+++ b/templates/admin/auth/edit.tmpl
@@ -123,14 +123,12 @@
- {{if .Source.IsSMTP}}
-
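Review bot: `SkipVerify: form.SkipVerify` is persisted regardless of `form.TLS`, so an administrator can save "skip verify" while TLS is off and have certificate verification silently disabled the day TLS is switched on. Storing `SkipVerify: form.TLS && form.SkipVerify,` (or rejecting the combination in the form validation, which is not in this hunk) ties the flag to the mode it applies to. parseLDAPConfig's composite literal continues past the end of the hunk.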