authorLauris BH <lauris@nix.lv>2019-01-24 01:25:33 +0200
committerGitHub <noreply@github.com>2019-01-24 01:25:33 +0200
commit331c9120e87935b940c14ac9ce370e3e27655ab1 (patch)
treee4c94bb6d81224951ea6faa41ab9197840f261d9 /modules
parent1b90692844c1b714d9c03cf7c96e7f62923236c0 (diff)
Request for public keys only if LDAP attribute is set (#5816)
* Update go-ldap dependency * Request for public keys only if attribute is set
Diffstat (limited to 'modules')
-rw-r--r--modules/auth/ldap/ldap.go40
1 files changed, 29 insertions, 11 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 010b4ea868..c68af25408 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -247,11 +247,17 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
return nil
}
+ var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
+
+ attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
+ if isAttributeSSHPublicKeySet {
+ attribs = append(attribs, ls.AttributeSSHPublicKey)
+ }
+
log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, userDN)
search := ldap.NewSearchRequest(
userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
- []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
- nil)
+ attribs, nil)
sr, err := l.Search(search)
if err != nil {
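Review bot: The presence check trims `ls.AttributeSSHPublicKey`, but the value appended to `attribs` is the untrimmed one. Unless the name is normalised where the source is saved (not visible here), a configured value with stray whitespace passes the check and is sent to the server, and later looked up, with the padding intact. Trimming once and reusing the result keeps check and request in agreement, e.g. `sshKeyAttr := strings.TrimSpace(ls.AttributeSSHPublicKey)` followed by `attribs = append(attribs, sshKeyAttr)`; the same applies to the first SearchEntries hunk. The `log.Trace` call just below still formats five attributes, including a possibly empty key attribute, so logging `attribs` would show what is actually requested. SearchEntry's body starts and ends outside this hunk.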
@@ -267,11 +273,15 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
return nil
}
+ var sshPublicKey []string
+
username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
- sshPublicKey := sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
+ if isAttributeSSHPublicKeySet {
+ sshPublicKey = sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
+ }
isAdmin := checkAdmin(l, ls, userDN)
if !directBind && ls.AttributesInBind {
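Review bot: `sshPublicKey` is now nil both when no key attribute is configured and when the directory entry simply carries no keys, and nothing at the declaration says which of the two a nil means. If code consuming the search result (outside this diff) reconciles a user's stored keys against this slice, it presumably has to repeat the configured-or-not check so that an unconfigured attribute is not read as "this user has no keys". A comment on the declaration would make that contract explicit, e.g. `// stays nil when no SSH key attribute is configured; callers must not treat that as an empty key set`. The same applies to `result[i].SSHPublicKey` in the last SearchEntries hunk. SearchEntry's body continues outside this hunk.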
@@ -320,11 +330,17 @@ func (ls *Source) SearchEntries() []*SearchResult {
userFilter := fmt.Sprintf(ls.Filter, "*")
+ var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
+
+ attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
+ if isAttributeSSHPublicKeySet {
+ attribs = append(attribs, ls.AttributeSSHPublicKey)
+ }
+
log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase)
search := ldap.NewSearchRequest(
ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
- []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
- nil)
+ attribs, nil)
var sr *ldap.SearchResult
if ls.UsePagedSearch() {
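Review bot: The attribute-list construction added here is a line-for-line copy of the one added to SearchEntry, so any later adjustment to which attributes are requested has to be made in two places. A small unexported method on `*Source` that returns the list would keep both search requests in step. `isAttributeSSHPublicKeySet` would stay as a local, since the result loop further down still reads it. SearchEntries' body starts and ends outside this hunk.

```go
// searchAttributes returns the attributes to request for a user entry;
// the SSH public key attribute is included only when one is configured.
func (ls *Source) searchAttributes() []string {
	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
	if len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0 {
		attribs = append(attribs, ls.AttributeSSHPublicKey)
	}
	return attribs
}

// … unchanged: isAttributeSSHPublicKeySet and the log.Trace call …
search := ldap.NewSearchRequest(
	ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
	ls.searchAttributes(), nil)
```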
@@ -341,12 +357,14 @@ func (ls *Source) SearchEntries() []*SearchResult {
for i, v := range sr.Entries {
result[i] = &SearchResult{
- Username: v.GetAttributeValue(ls.AttributeUsername),
- Name: v.GetAttributeValue(ls.AttributeName),
- Surname: v.GetAttributeValue(ls.AttributeSurname),
- Mail: v.GetAttributeValue(ls.AttributeMail),
- SSHPublicKey: v.GetAttributeValues(ls.AttributeSSHPublicKey),
- IsAdmin: checkAdmin(l, ls, v.DN),
+ Username: v.GetAttributeValue(ls.AttributeUsername),
+ Name: v.GetAttributeValue(ls.AttributeName),
+ Surname: v.GetAttributeValue(ls.AttributeSurname),
+ Mail: v.GetAttributeValue(ls.AttributeMail),
+ IsAdmin: checkAdmin(l, ls, v.DN),
+ }
+ if isAttributeSSHPublicKeySet {
+ result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)
}
}