Merge pull request #192 from DerDackel/ldapssl

Add LDAP over SSL support
author: Lunny Xiao <xiaolunwen@gmail.com> 2014-05-15 20:52:05 +0800
committer: Lunny Xiao <xiaolunwen@gmail.com> 2014-05-15 20:52:05 +0800
commit: 7869cfccb9ddf08069312c1e456908055d863e96 (patch)
tree: 556d84b5860efc1e4ea77573e11422bb4f2c413f
parent: b70db618547b2167cac7e35be5405fb385512f30 (diff)
parent: eb264a112b378d1ebdf8e1de076797dd56a0e6b8 (diff)
download: gitea-7869cfccb9ddf08069312c1e456908055d863e96.tar.gz
gitea-7869cfccb9ddf08069312c1e456908055d863e96.zip
8 files changed, 104 insertions, 6 deletions
diff --git a/conf/etc/supervisord.conf b/conf/etc/supervisord.conf
new file mode 100644
index 0000000000..e17f50a847
--- /dev/null
+++ b/conf/etc/supervisord.conf
@@ -0,0 +1,26 @@
+[unix_http_server]
+file=/tmp/supervisor.sock                       ; path to your socket file
+
+[supervisord]
+logfile=log/supervisord.log                    ; supervisord log file
+logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
+logfile_backups=10                              ; number of backed up logfiles
+loglevel=warn                                   ; info, debug, warn, trace
+pidfile=/tmp/supervisord.pid                    ; pidfile location
+nodaemon=false                                  ; run supervisord as a daemon
+minfds=1024                                     ; number of startup file descriptors
+minprocs=200                                    ; number of process descriptors
+user=root                                       ; default user
+childlogdir=log
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock           ; use a unix:// URL  for a unix socket
+
+[program:gogs]
+command = /root/Developer/gopath/src/github.com/gogits/gogs/start.sh	; here must be the real url, not ~ or $GOROOT like
+autostart = true
+stdout_logfile = log/supervisor-gogs-stderr.log
+stderr_logfile = log/supervisor-gogs-error.log
+\ No newline at end of file
diff --git a/gogs_supervisord.sh b/gogs_supervisord.sh
new file mode 100755
index 0000000000..43908094b5
--- /dev/null
+++ b/gogs_supervisord.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+echo 'plase remember to modify the command path in etc/conf/supervisord.conf(line 23)'
+
+PID="/tmp/supervisord.pid"
+CONF="conf/etc/supervisord.conf"
+
+LOGDIR="log"  
+if [ ! -d $LOGDIR ]; then  
+    mkdir $LOGDIR
+fi
+
+stop() {
+    if [ -f $PID ]; then
+        kill `cat -- $PID`
+        rm -f -- $PID
+        echo "stopped"
+    fi
+}
+
+start() {
+    echo "starting"
+    if [ ! -f $PID ]; then
+        supervisord -c $CONF
+        echo "started"
+    fi
+}
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    restart)
+        stop
+        start
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart}"
+esac
+\ No newline at end of file
diff --git a/modules/auth/authentication.go b/modules/auth/authentication.go
index 170b24a988..e9b215101b 100644
--- a/modules/auth/authentication.go
+++ b/modules/auth/authentication.go
@@ -21,6 +21,7 @@ type AuthenticationForm struct {
 	Domain            string `form:"domain"`
 	Host              string `form:"host"`
 	Port              int    `form:"port"`
+	UseSSL            bool   `form:"usessl"`
 	BaseDN            string `form:"base_dn"`
 	Attributes        string `form:"attributes"`
 	Filter            string `form:"filter"`
@@ -39,6 +40,7 @@ func (f *AuthenticationForm) Name(field string) string {
 		"Domain":     "Domain name",
 		"Host":       "Host address",
 		"Port":       "Port Number",
+		"UseSSL":     "Use SSL",
 		"BaseDN":     "Base DN",
 		"Attributes": "Search attributes",
 		"Filter":     "Search filter",
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 493339cde0..200490afb5 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -18,6 +18,7 @@ type Ldapsource struct {
 	Name         string // canonical name (ie. corporate.ad)
 	Host         string // LDAP host
 	Port         int    // port number
+	UseSSL       bool   // Use SSL
 	BaseDN       string // Base DN
 	Attributes   string // Attribut to search
 	Filter       string // Query filter to validate entry
@@ -31,8 +32,8 @@ var (
 )
 
 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
-	ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
+	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
 	Authensource = append(Authensource, ldaphost)
 }
 
@@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
 func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
-	l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	l, err := ldapDial(ls)
+
 	if err != nil {
 		log.Debug("LDAP Connect error, disabled source %s", ls.Host)
 		ls.Enabled = false
@@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
 	}
 	return "", true
 }
+
+func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
+	if ls.UseSSL {
+		return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+	} else {
+		return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	}
+}
diff --git a/modules/base/conf.go b/modules/base/conf.go
index c38d335775..03e453e6d5 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -200,11 +200,12 @@ func newLdapService() {
 			ldapname := Cfg.MustValue(v, "name", v)
 			ldaphost := Cfg.MustValue(v, "host")
 			ldapport := Cfg.MustInt(v, "port", 389)
+			ldapusessl := Cfg.MustBool(v, "usessl", false)
 			ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
 			ldapattribute := Cfg.MustValue(v, "attribute", "mail")
 			ldapfilter := Cfg.MustValue(v, "filter", "(*)")
 			ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
-			ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
+			ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
 			nbsrc++
 			log.Debug("%s added as LDAP source", ldapname)
 		}
diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index 0bc2566a1c..b7b382cd94 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 			Ldapsource: ldap.Ldapsource{
 				Host:         form.Host,
 				Port:         form.Port,
+				UseSSL:       form.UseSSL,
 				BaseDN:       form.BaseDN,
 				Attributes:   form.Attributes,
 				Filter:       form.Filter,
@@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 			Ldapsource: ldap.Ldapsource{
 				Host:         form.Host,
 				Port:         form.Port,
+				UseSSL:       form.UseSSL,
 				BaseDN:       form.BaseDN,
 				Attributes:   form.Attributes,
 				Filter:       form.Filter,
diff --git a/templates/admin/auths/edit.tmpl b/templates/admin/auths/edit.tmpl
index b3277242ce..f2ba68fd27 100644
--- a/templates/admin/auths/edit.tmpl
+++ b/templates/admin/auths/edit.tmpl
@@ -53,6 +53,14 @@
                         </div>
                     </div>
 
+                    <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                         <label class="col-md-3 control-label">Use SSL: </label>
+                         <div class="col-md-7">
+                              <input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
+                         </div>
+                    </div>
+
+
                     <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                         <label class="col-md-3 control-label">Base DN: </label>
                         <div class="col-md-7">
@@ -150,4 +158,4 @@
 
     </div>
 </div>
-{{template "base/footer" .}}
-\ No newline at end of file
+{{template "base/footer" .}}
diff --git a/templates/admin/auths/new.tmpl b/templates/admin/auths/new.tmpl
index 3741d9cc5f..f9d9892f61 100644
--- a/templates/admin/auths/new.tmpl
+++ b/templates/admin/auths/new.tmpl
@@ -51,6 +51,13 @@
                             </div>
                         </div>
 
+                        <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                             <label class="col-md-3 control-label">Use SSL: </label>
+                             <div class="col-md-7">
+                                  <input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
+                             </div>
+                        </div>
+
                         <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                             <label class="col-md-3 control-label">Base DN: </label>
                             <div class="col-md-7">
@@ -158,4 +165,4 @@
         });
     });
 </script>
-{{template "base/footer" .}}
-\ No newline at end of file
+{{template "base/footer" .}}
author	Lunny Xiao <xiaolunwen@gmail.com>	2014-05-15 20:52:05 +0800
committer	Lunny Xiao <xiaolunwen@gmail.com>	2014-05-15 20:52:05 +0800
commit	7869cfccb9ddf08069312c1e456908055d863e96 (patch)
tree	556d84b5860efc1e4ea77573e11422bb4f2c413f
parent	b70db618547b2167cac7e35be5405fb385512f30 (diff)
parent	eb264a112b378d1ebdf8e1de076797dd56a0e6b8 (diff)
download	gitea-7869cfccb9ddf08069312c1e456908055d863e96.tar.gz gitea-7869cfccb9ddf08069312c1e456908055d863e96.zip