mirror of
https://github.com/go-gitea/gitea
synced 2024-12-24 03:35:55 +01:00
Security protocols
This commit is contained in:
parent
7612b5ec40
commit
05fd9d3f09
@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
|
||||
}
|
||||
|
||||
var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
|
||||
ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
|
||||
ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS",
|
||||
ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS",
|
||||
ldap.SecurityProtocolUnencrypted: "Unencrypted",
|
||||
ldap.SecurityProtocolLdaps: "LDAPS",
|
||||
ldap.SecurityProtocolStartTls: "StartTLS",
|
||||
}
|
||||
|
||||
// Ensure structs implemented interface.
|
||||
@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
|
||||
|
||||
func (source *LoginSource) HasTLS() bool {
|
||||
return ((source.IsLDAP() || source.IsDLDAP()) &&
|
||||
source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
|
||||
source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
|
||||
source.IsSMTP()
|
||||
}
|
||||
|
||||
func (source *LoginSource) UseTLS() bool {
|
||||
switch source.Type {
|
||||
case LoginLdap, LoginDldap:
|
||||
return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
|
||||
return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
|
||||
case LoginSmtp:
|
||||
return source.SMTP().TLS
|
||||
}
|
||||
|
@ -20,9 +20,9 @@ type SecurityProtocol int
|
||||
|
||||
// Note: new type must be added at the end of list to maintain compatibility.
|
||||
const (
|
||||
SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota
|
||||
SECURITY_PROTOCOL_LDAPS
|
||||
SECURITY_PROTOCOL_START_TLS
|
||||
SecurityProtocolUnencrypted SecurityProtocol = iota
|
||||
SecurityProtocolLdaps
|
||||
SecurityProtocolStartTls
|
||||
)
|
||||
|
||||
// Basic LDAP authentication service
|
||||
@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
|
||||
ServerName: ls.Host,
|
||||
InsecureSkipVerify: ls.SkipVerify,
|
||||
}
|
||||
if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS {
|
||||
if ls.SecurityProtocol == SecurityProtocolLdaps {
|
||||
return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
|
||||
}
|
||||
|
||||
@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
|
||||
return nil, fmt.Errorf("Dial: %v", err)
|
||||
}
|
||||
|
||||
if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS {
|
||||
if ls.SecurityProtocol == SecurityProtocolStartTls {
|
||||
if err = conn.StartTLS(tlsCfg); err != nil {
|
||||
conn.Close()
|
||||
return nil, fmt.Errorf("StartTLS: %v", err)
|
||||
|
@ -54,9 +54,9 @@ var (
|
||||
{models.LoginNames[models.LoginPam], models.LoginPam},
|
||||
}
|
||||
securityProtocols = []dropdownItem{
|
||||
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
|
||||
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
|
||||
{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
|
||||
{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
|
||||
{models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
|
||||
{models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
|
||||
}
|
||||
)
|
||||
|
||||
@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
|
||||
|
||||
ctx.Data["type"] = models.LoginLdap
|
||||
ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
|
||||
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
|
||||
ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
|
||||
ctx.Data["smtp_auth"] = "PLAIN"
|
||||
ctx.Data["is_active"] = true
|
||||
ctx.Data["AuthSources"] = authSources
|
||||
@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
|
||||
switch models.LoginType(form.Type) {
|
||||
case models.LoginLdap, models.LoginDldap:
|
||||
config = parseLDAPConfig(form)
|
||||
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
|
||||
hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
|
||||
case models.LoginSmtp:
|
||||
config = parseSMTPConfig(form)
|
||||
hasTLS = true
|
||||
|
Loading…
Reference in New Issue
Block a user