authorUnknwon <u@gogs.io>2016-07-08 07:25:09 +0800
committerUnknwon <u@gogs.io>2016-07-08 07:25:09 +0800
commit401bf944ef4b09e7d4ca85d7272dbd32e7e950a0 (patch)
tree7e9af9199616f4704d4e1e9e0bfcf97d537693e4 /models
parent326c98266040a69ceec51c3804c372c7af47e027 (diff)
Use SecurityProtocol to replace UseSSL in LDAP config
Initially proposed by #2376 and fixes #3068 as well.
Diffstat (limited to 'models')
-rw-r--r--models/login.go28
-rw-r--r--models/migrations/migrations.go18
-rw-r--r--models/migrations/v13.go52
3 files changed, 84 insertions, 14 deletions
diff --git a/models/login.go b/models/login.go
index 6ed4fefbdf..22edc25b55 100644
--- a/models/login.go
+++ b/models/login.go
@@ -23,6 +23,11 @@ import (
"github.com/gogits/gogs/modules/log"
)
+var (
+ ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
+ ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users")
+)
+
type LoginType int
// Note: new type must be added at the end of list to maintain compatibility.
@@ -35,11 +40,6 @@ const (
LOGIN_DLDAP // 5
)
-var (
- ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
- ErrAuthenticationUserUsed = errors.New("Authentication has been used by some users")
-)
-
var LoginNames = map[LoginType]string{
LOGIN_LDAP: "LDAP (via BindDN)",
LOGIN_DLDAP: "LDAP (simple auth)", // Via direct bind
@@ -47,6 +47,12 @@ var LoginNames = map[LoginType]string{
LOGIN_PAM: "PAM",
}
+var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
+ ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
+ ldap.SECURITY_PROTOCOL_LDAPS: "LDAPS",
+ ldap.SECURITY_PROTOCOL_START_TLS: "StartTLS",
+}
+
// Ensure structs implemented interface.
var (
_ core.Conversion = &LDAPConfig{}
@@ -66,6 +72,10 @@ func (cfg *LDAPConfig) ToDB() ([]byte, error) {
return json.Marshal(cfg)
}
+func (cfg *LDAPConfig) SecurityProtocolName() string {
+ return SecurityProtocolNames[cfg.SecurityProtocol]
+}
+
type SMTPConfig struct {
Auth string
Host string
@@ -173,10 +183,16 @@ func (source *LoginSource) IsPAM() bool {
return source.Type == LOGIN_PAM
}
+func (source *LoginSource) HasTLS() bool {
+ return ((source.IsLDAP() || source.IsDLDAP()) &&
+ source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
+ source.IsSMTP()
+}
+
func (source *LoginSource) UseTLS() bool {
switch source.Type {
case LOGIN_LDAP, LOGIN_DLDAP:
- return source.LDAP().UseSSL
+ return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
case LOGIN_SMTP:
return source.SMTP().TLS
}
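Review bot: `UseTLS` treats every value other than `ldap.SECURITY_PROTOCOL_UNENCRYPTED` as encrypted, while `HasTLS` uses `>`, so the two disagree on a negative value, and any stored `SecurityProtocol` outside the three named constants is reported as TLS-protected. The config is decoded from JSON, and the dialing code is not in this diff, so an unrecognised value may well end up on a plain connection while the admin UI says otherwise. Matching the known values explicitly fails safe: `p := source.LDAP().SecurityProtocol` followed by `return p == ldap.SECURITY_PROTOCOL_LDAPS || p == ldap.SECURITY_PROTOCOL_START_TLS`. `HasTLS` also returns true for every SMTP source regardless of its `TLS` flag, so it needs a doc comment stating whether it means "TLS settings apply" or "TLS is on". The body of `UseTLS` continues past the end of this hunk.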
diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
index 8331490994..ea766f4c40 100644
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -59,14 +59,15 @@ type Version struct {
// If you want to "retire" a migration, remove it from the top of the list and
// update _MIN_VER_DB accordingly
var migrations = []Migration{
- NewMigration("fix locale file load panic", fixLocaleFileLoadPanic), // V4 -> V5:v0.6.0
- NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix), // V5 -> V6:v0.6.3
- NewMigration("generate issue-label from issue", issueToIssueLabel), // V6 -> V7:v0.6.4
- NewMigration("refactor attachment table", attachmentRefactor), // V7 -> V8:v0.6.4
- NewMigration("rename pull request fields", renamePullRequestFields), // V8 -> V9:v0.6.16
- NewMigration("clean up migrate repo info", cleanUpMigrateRepoInfo), // V9 -> V10:v0.6.20
- NewMigration("generate rands and salt for organizations", generateOrgRandsAndSalt), // V10 -> V11:v0.8.5
- NewMigration("convert date to unix timestamp", convertDateToUnix), // V11 -> V12:v0.9.2
+ NewMigration("fix locale file load panic", fixLocaleFileLoadPanic), // V4 -> V5:v0.6.0
+ NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix), // V5 -> V6:v0.6.3
+ NewMigration("generate issue-label from issue", issueToIssueLabel), // V6 -> V7:v0.6.4
+ NewMigration("refactor attachment table", attachmentRefactor), // V7 -> V8:v0.6.4
+ NewMigration("rename pull request fields", renamePullRequestFields), // V8 -> V9:v0.6.16
+ NewMigration("clean up migrate repo info", cleanUpMigrateRepoInfo), // V9 -> V10:v0.6.20
+ NewMigration("generate rands and salt for organizations", generateOrgRandsAndSalt), // V10 -> V11:v0.8.5
+ NewMigration("convert date to unix timestamp", convertDateToUnix), // V11 -> V12:v0.9.2
+ NewMigration("convert LDAP UseSSL option to SecurityProtocol", ldapUseSSLToSecurityProtocol), // V12 -> V13:v0.9.37
}
// Migrate database to current version
@@ -580,6 +581,7 @@ type TWebhook struct {
func (t *TWebhook) TableName() string { return "webhook" }
func convertDateToUnix(x *xorm.Engine) (err error) {
+ log.Info("This migration could take up to minutes, please be patient.")
type Bean struct {
ID int64 `xorm:"pk autoincr"`
Created time.Time
diff --git a/models/migrations/v13.go b/models/migrations/v13.go
new file mode 100644
index 0000000000..c9a50a992e
--- /dev/null
+++ b/models/migrations/v13.go
@@ -0,0 +1,52 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package migrations
+
+import (
+ "encoding/json"
+ "fmt"
+ "strings"
+
+ "github.com/Unknwon/com"
+ "github.com/go-xorm/xorm"
+)
+
+func ldapUseSSLToSecurityProtocol(x *xorm.Engine) error {
+ results, err := x.Query("SELECT `id`,`cfg` FROM `login_source` WHERE `type` = 2 OR `type` = 5")
+ if err != nil {
+ if strings.Contains(err.Error(), "no such column") {
+ return nil
+ }
+ return fmt.Errorf("select LDAP login sources: %v", err)
+ }
+
+ sess := x.NewSession()
+ defer sessionRelease(sess)
+ if err = sess.Begin(); err != nil {
+ return err
+ }
+
+ for _, result := range results {
+ cfg := map[string]interface{}{}
+ if err = json.Unmarshal(result["cfg"], &cfg); err != nil {
+ return fmt.Errorf("decode JSON config: %v", err)
+ }
+ if com.ToStr(cfg["UseSSL"]) == "true" {
+ cfg["SecurityProtocol"] = 1 // LDAPS
+ }
+ delete(cfg, "UseSSL")
+
+ data, err := json.Marshal(&cfg)
+ if err != nil {
+ return fmt.Errorf("encode JSON config: %v", err)
+ }
+
+ if _, err = sess.Exec("UPDATE `login_source` SET `cfg`=? WHERE `id`=?",
+ string(data), com.StrTo(result["id"]).MustInt64()); err != nil {
+ return fmt.Errorf("update config column: %v", err)
+ }
+ }
+ return sess.Commit()
+}
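Review bot: The early `return nil` when the query error contains "no such column" records the migration as done without converting any row, and it depends on driver-specific message text, so it needs a comment naming the case it covers and should log the skip. This is security-relevant because a source that had `UseSSL: true` and is left unconverted would presumably decode with the zero `SecurityProtocol`, which the `1 // LDAPS` mapping suggests is the unencrypted setting, so LDAP binds would silently lose transport encryption. The same outcome is possible per row: `com.StrTo(result["id"]).MustInt64()` discards the parse error, so a bad id becomes 0 and the `UPDATE` matches nothing; prefer `id, err := com.StrTo(result["id"]).Int64()` with an error return. The literals `type = 2 OR type = 5` and `1` duplicate `LOGIN_LDAP`, `LOGIN_DLDAP` and the LDAPS constant, and a comment tying each to its name would guard against drift.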