Security protocols

This commit is contained in:
Sandro Santilli 2016-11-07 17:38:43 +01:00
parent 7612b5ec40
commit 05fd9d3f09
3 changed files with 15 additions and 15 deletions

View file

@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
} }
var SecurityProtocolNames = map[ldap.SecurityProtocol]string{ var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted", ldap.SecurityProtocolUnencrypted: "Unencrypted",
ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS", ldap.SecurityProtocolLdaps: "LDAPS",
ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS", ldap.SecurityProtocolStartTls: "StartTLS",
} }
// Ensure structs implemented interface. // Ensure structs implemented interface.
@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
func (source *LoginSource) HasTLS() bool { func (source *LoginSource) HasTLS() bool {
return ((source.IsLDAP() || source.IsDLDAP()) && return ((source.IsLDAP() || source.IsDLDAP()) &&
source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) || source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
source.IsSMTP() source.IsSMTP()
} }
func (source *LoginSource) UseTLS() bool { func (source *LoginSource) UseTLS() bool {
switch source.Type { switch source.Type {
case LoginLdap, LoginDldap: case LoginLdap, LoginDldap:
return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
case LoginSmtp: case LoginSmtp:
return source.SMTP().TLS return source.SMTP().TLS
} }

View file

@ -20,9 +20,9 @@ type SecurityProtocol int
// Note: new type must be added at the end of list to maintain compatibility. // Note: new type must be added at the end of list to maintain compatibility.
const ( const (
SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota SecurityProtocolUnencrypted SecurityProtocol = iota
SECURITY_PROTOCOL_LDAPS SecurityProtocolLdaps
SECURITY_PROTOCOL_START_TLS SecurityProtocolStartTls
) )
// Basic LDAP authentication service // Basic LDAP authentication service
@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
ServerName: ls.Host, ServerName: ls.Host,
InsecureSkipVerify: ls.SkipVerify, InsecureSkipVerify: ls.SkipVerify,
} }
if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS { if ls.SecurityProtocol == SecurityProtocolLdaps {
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg) return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
} }
@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
return nil, fmt.Errorf("Dial: %v", err) return nil, fmt.Errorf("Dial: %v", err)
} }
if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS { if ls.SecurityProtocol == SecurityProtocolStartTls {
if err = conn.StartTLS(tlsCfg); err != nil { if err = conn.StartTLS(tlsCfg); err != nil {
conn.Close() conn.Close()
return nil, fmt.Errorf("StartTLS: %v", err) return nil, fmt.Errorf("StartTLS: %v", err)

View file

@ -54,9 +54,9 @@ var (
{models.LoginNames[models.LoginPam], models.LoginPam}, {models.LoginNames[models.LoginPam], models.LoginPam},
} }
securityProtocols = []dropdownItem{ securityProtocols = []dropdownItem{
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED}, {models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS}, {models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS}, {models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
} }
) )
@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
ctx.Data["type"] = models.LoginLdap ctx.Data["type"] = models.LoginLdap
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap] ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED] ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
ctx.Data["smtp_auth"] = "PLAIN" ctx.Data["smtp_auth"] = "PLAIN"
ctx.Data["is_active"] = true ctx.Data["is_active"] = true
ctx.Data["AuthSources"] = authSources ctx.Data["AuthSources"] = authSources
@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
switch models.LoginType(form.Type) { switch models.LoginType(form.Type) {
case models.LoginLdap, models.LoginDldap: case models.LoginLdap, models.LoginDldap:
config = parseLDAPConfig(form) config = parseLDAPConfig(form)
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
case models.LoginSmtp: case models.LoginSmtp:
config = parseSMTPConfig(form) config = parseSMTPConfig(form)
hasTLS = true hasTLS = true