diff options
| author | Unknwon <u@gogs.io> | 2016-07-08 07:25:09 +0800 |
|---|---|---|
| committer | Unknwon <u@gogs.io> | 2016-07-08 07:25:09 +0800 |
| commit | 401bf944ef4b09e7d4ca85d7272dbd32e7e950a0 (patch) | |
| tree | 7e9af9199616f4704d4e1e9e0bfcf97d537693e4 /models/login.go | |
| parent | 326c98266040a69ceec51c3804c372c7af47e027 (diff) | |
| download | gitea-401bf944ef4b09e7d4ca85d7272dbd32e7e950a0.tar.gz gitea-401bf944ef4b09e7d4ca85d7272dbd32e7e950a0.zip | |
Use SecurityProtocol to replace UseSSL in LDAP config
Initially proposed by #2376 and fixes #3068 as well.
Diffstat (limited to 'models/login.go')
| -rw-r--r-- | models/login.go | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/models/login.go b/models/login.go index 6ed4fefbdf..22edc25b55 100644 --- a/models/login.go +++ b/models/login.go @@ -23,6 +23,11 @@ import ( "github.com/gogits/gogs/modules/log" ) +var ( + ErrAuthenticationAlreadyExist = errors.New("Authentication already exist") + ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users") +) + type LoginType int // Note: new type must be added at the end of list to maintain compatibility. @@ -35,11 +40,6 @@ const ( LOGIN_DLDAP // 5 ) -var ( - ErrAuthenticationAlreadyExist = errors.New("Authentication already exist") - ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users") -) - var LoginNames = map[LoginType]string{ LOGIN_LDAP: "LDAP (via BindDN)", LOGIN_DLDAP: "LDAP (simple auth)", // Via direct bind @@ -47,6 +47,12 @@ var LoginNames = map[LoginType]string{ LOGIN_PAM: "PAM", } +var SecurityProtocolNames = map[ldap.SecurityProtocol]string{ + ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted", + ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS", + ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS", +} + // Ensure structs implemented interface. var ( _ core.Conversion = &LDAPConfig{} @@ -66,6 +72,10 @@ func (cfg *LDAPConfig) ToDB() ([]byte, error) { return json.Marshal(cfg) } +func (cfg *LDAPConfig) SecurityProtocolName() string { + return SecurityProtocolNames[cfg.SecurityProtocol] +} + type SMTPConfig struct { Auth string Host string @@ -173,10 +183,16 @@ func (source *LoginSource) IsPAM() bool { return source.Type == LOGIN_PAM } +func (source *LoginSource) HasTLS() bool { + return ((source.IsLDAP() || source.IsDLDAP()) && + source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) || + source.IsSMTP() +} + func (source *LoginSource) UseTLS() bool { switch source.Type { case LOGIN_LDAP, LOGIN_DLDAP: - return source.LDAP().UseSSL + return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED case LOGIN_SMTP: return source.SMTP().TLS } |