Security protocols

release/v1.15
Sandro Santilli 2016-11-07 17:38:43 +01:00
parent 7612b5ec40
commit 05fd9d3f09
3 changed files with 15 additions and 15 deletions

View File

@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
}
var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS",
ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS",
ldap.SecurityProtocolUnencrypted: "Unencrypted",
ldap.SecurityProtocolLdaps: "LDAPS",
ldap.SecurityProtocolStartTls: "StartTLS",
}
// Ensure structs implemented interface.
@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
func (source *LoginSource) HasTLS() bool {
return ((source.IsLDAP() || source.IsDLDAP()) &&
source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
source.IsSMTP()
}
func (source *LoginSource) UseTLS() bool {
switch source.Type {
case LoginLdap, LoginDldap:
return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
case LoginSmtp:
return source.SMTP().TLS
}

View File

@ -20,9 +20,9 @@ type SecurityProtocol int
// Note: new type must be added at the end of list to maintain compatibility.
const (
SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota
SECURITY_PROTOCOL_LDAPS
SECURITY_PROTOCOL_START_TLS
SecurityProtocolUnencrypted SecurityProtocol = iota
SecurityProtocolLdaps
SecurityProtocolStartTls
)
// Basic LDAP authentication service
@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
ServerName: ls.Host,
InsecureSkipVerify: ls.SkipVerify,
}
if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS {
if ls.SecurityProtocol == SecurityProtocolLdaps {
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
}
@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
return nil, fmt.Errorf("Dial: %v", err)
}
if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS {
if ls.SecurityProtocol == SecurityProtocolStartTls {
if err = conn.StartTLS(tlsCfg); err != nil {
conn.Close()
return nil, fmt.Errorf("StartTLS: %v", err)

View File

@ -54,9 +54,9 @@ var (
{models.LoginNames[models.LoginPam], models.LoginPam},
}
securityProtocols = []dropdownItem{
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
{models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
{models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
}
)
@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
ctx.Data["type"] = models.LoginLdap
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
ctx.Data["smtp_auth"] = "PLAIN"
ctx.Data["is_active"] = true
ctx.Data["AuthSources"] = authSources
@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
switch models.LoginType(form.Type) {
case models.LoginLdap, models.LoginDldap:
config = parseLDAPConfig(form)
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
case models.LoginSmtp:
config = parseSMTPConfig(form)
hasTLS = true