author | Sandro Santilli <strk@kbt.io> | 2016-11-07 17:38:43 +0100 |
---|---|---|
committer | Sandro Santilli <strk@kbt.io> | 2016-11-07 17:38:43 +0100 |
commit | 05fd9d3f096e53bcf80b73345d6fa567fbf017e6 (patch) | |
tree | f8626767c0759491625a9c8eb215cef3d2855163 | |
parent | 7612b5ec40955a5a0b4d281645e33a86d1632f70 (diff) | |
Security protocols
-rw-r--r-- | models/login_source.go | 10 | ||||
-rw-r--r-- | modules/auth/ldap/ldap.go | 10 | ||||
-rw-r--r-- | routers/admin/auths.go | 10 |
3 files changed, 15 insertions, 15 deletions
diff --git a/models/login_source.go b/models/login_source.go
index 3140d35c54..f3d4b2b96f 100644
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
 }
 
 var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
- ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
- ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS",
- ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS",
+ ldap.SecurityProtocolUnencrypted: "Unencrypted",
+ ldap.SecurityProtocolLdaps: "LDAPS",
+ ldap.SecurityProtocolStartTls: "StartTLS",
 }
 
 // Ensure structs implemented interface.
@@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
 
 func (source *LoginSource) HasTLS() bool {
 return ((source.IsLDAP() || source.IsDLDAP()) &&
- source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
+ source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
 source.IsSMTP()
 }
 
 func (source *LoginSource) UseTLS() bool {
 switch source.Type {
 case LoginLdap, LoginDldap:
- return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
+ return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
 case LoginSmtp:
 return source.SMTP().TLS
 }
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index b110fe6234..361ca5817f 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -20,9 +20,9 @@ type SecurityProtocol int
 
 // Note: new type must be added at the end of list to maintain compatibility.
 const (
- SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota
- SECURITY_PROTOCOL_LDAPS
- SECURITY_PROTOCOL_START_TLS
+ SecurityProtocolUnencrypted SecurityProtocol = iota
+ SecurityProtocolLdaps
+ SecurityProtocolStartTls
 )
 
 // Basic LDAP authentication service
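Review bot: `HasTLS` keeps the ordering test `source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted`, which reports TLS for every value above zero, including integers that match none of the three declared constants; `UseTLS` a few lines below has the same effect through `!=`, and `NewAuthSourcePost` in routers/admin/auths.go applies `>` directly to the converted form field. As far as the two `dial` hunks in modules/auth/ldap/ldap.go show, only `SecurityProtocolLdaps` and `SecurityProtocolStartTls` lead to an encrypted connection, so an unrecognised value would be presented as TLS-protected while the connection is actually plain. I would test membership explicitly, e.g. `p == ldap.SecurityProtocolLdaps || p == ldap.SecurityProtocolStartTls`, and have the form handler reject a protocol value that is not a key of `models.SecurityProtocolNames`. `UseTLS` continues past the end of the hunk.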
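Review bot: The new constant names `SecurityProtocolLdaps` and `SecurityProtocolStartTls` in the `const` block lower-case their initialisms, which Go naming convention keeps in a single case; `SecurityProtocolLDAPS` and `SecurityProtocolStartTLS` would also match the `"LDAPS"` and `"StartTLS"` labels in `SecurityProtocolNames`. The exported constants have no doc comment stating what each mode does to the connection; one line per constant, such as `// SecurityProtocolUnencrypted sends LDAP traffic, including bind credentials, without TLS.`, would make the security consequence of each choice visible where the values are defined.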
@@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
 ServerName: ls.Host,
 InsecureSkipVerify: ls.SkipVerify,
 }
- if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS {
+ if ls.SecurityProtocol == SecurityProtocolLdaps {
 return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
 }
 
@@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
 return nil, fmt.Errorf("Dial: %v", err)
 }
 
- if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS {
+ if ls.SecurityProtocol == SecurityProtocolStartTls {
 if err = conn.StartTLS(tlsCfg); err != nil {
 conn.Close()
 return nil, fmt.Errorf("StartTLS: %v", err)
diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index 7fbd1296a2..39c028ee07 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -54,9 +54,9 @@ var (
 {models.LoginNames[models.LoginPam], models.LoginPam},
 }
 securityProtocols = []dropdownItem{
- {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
- {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
- {models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
+ {models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
+ {models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
+ {models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
 }
 )
 
@@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
 
 ctx.Data["type"] = models.LoginLdap
 ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
- ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
+ ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
 ctx.Data["smtp_auth"] = "PLAIN"
 ctx.Data["is_active"] = true
 ctx.Data["AuthSources"] = authSources
@@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 switch models.LoginType(form.Type) {
 case models.LoginLdap, models.LoginDldap:
 config = parseLDAPConfig(form)
- hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
+ hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
 case models.LoginSmtp:
 config = parseSMTPConfig(form)
 hasTLS = true |