author | Lauris BH <lauris@nix.lv> | 2019-01-24 01:25:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-24 01:25:33 +0200 |
commit | 331c9120e87935b940c14ac9ce370e3e27655ab1 (patch) | |
tree | e4c94bb6d81224951ea6faa41ab9197840f261d9 /modules | |
parent | 1b90692844c1b714d9c03cf7c96e7f62923236c0 (diff) | |
download | gitea-331c9120e87935b940c14ac9ce370e3e27655ab1.tar.gz gitea-331c9120e87935b940c14ac9ce370e3e27655ab1.zip |
Request for public keys only if LDAP attribute is set (#5816)
* Update go-ldap dependency
* Request for public keys only if attribute is set
Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/ldap/ldap.go | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index 010b4ea868..c68af25408 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -247,11 +247,17 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 return nil
 }
+ var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
+
+ attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
+ if isAttributeSSHPublicKeySet {
+ attribs = append(attribs, ls.AttributeSSHPublicKey)
+ }
+
 log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, userDN)
 search := ldap.NewSearchRequest(
 userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
- []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
- nil)
+ attribs, nil)
 sr, err := l.Search(search)
 if err != nil {
@@ -267,11 +273,15 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 return nil
 }
+ var sshPublicKey []string
+
 username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
 firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
 surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
 mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
- sshPublicKey := sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
+ if isAttributeSSHPublicKeySet {
+ sshPublicKey = sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
+ }
 isAdmin := checkAdmin(l, ls, userDN)
 if !directBind && ls.AttributesInBind {
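Review bot: The `log.Trace` call kept as context in this hunk still formats five attributes, including `ls.AttributeSSHPublicKey`, even when the new guard leaves that attribute out of `attribs`, so the trace no longer matches the request that is sent. Log the list that is actually requested, e.g. `log.Trace("Fetching attributes %v with filter %s and base %s", attribs, userFilter, userDN)`. The same stale trace line sits in the SearchEntries hunk at -320, with `ls.UserBase` as the base. An accurate trace matters when diagnosing which directory attributes an authentication source reads. SearchEntry's body starts and ends outside the hunk.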
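Review bot: `sshPublicKey` is declared without a comment and stays nil when no SSH key attribute is configured, and nothing in the hunk tells a reader how that differs from a user who has no keys in the directory. The code that consumes the value is outside this diff (the diffstat is limited to `modules`), so it cannot be confirmed here that key synchronisation skips the nil case rather than treating it as an empty key set. Suggest documenting the contract at the declaration: `// nil when no SSH public key attribute is configured; callers should not read this as "user has no keys"`. The same applies to `result[i].SSHPublicKey` in the last hunk of SearchEntries.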
@@ -320,11 +330,17 @@ func (ls *Source) SearchEntries() []*SearchResult {
 userFilter := fmt.Sprintf(ls.Filter, "*")
+ var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
+
+ attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
+ if isAttributeSSHPublicKeySet {
+ attribs = append(attribs, ls.AttributeSSHPublicKey)
+ }
+
 log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase)
 search := ldap.NewSearchRequest(
 ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
- []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
- nil)
+ attribs, nil)
 var sr *ldap.SearchResult
 if ls.UsePagedSearch() {
@@ -341,12 +357,14 @@ func (ls *Source) SearchEntries() []*SearchResult {
 for i, v := range sr.Entries {
 result[i] = &SearchResult{
- Username: v.GetAttributeValue(ls.AttributeUsername),
- Name: v.GetAttributeValue(ls.AttributeName),
- Surname: v.GetAttributeValue(ls.AttributeSurname),
- Mail: v.GetAttributeValue(ls.AttributeMail),
- SSHPublicKey: v.GetAttributeValues(ls.AttributeSSHPublicKey),
- IsAdmin: checkAdmin(l, ls, v.DN),
+ Username: v.GetAttributeValue(ls.AttributeUsername),
+ Name: v.GetAttributeValue(ls.AttributeName),
+ Surname: v.GetAttributeValue(ls.AttributeSurname),
+ Mail: v.GetAttributeValue(ls.AttributeMail),
+ IsAdmin: checkAdmin(l, ls, v.DN),
+ }
+ if isAttributeSSHPublicKeySet {
+ result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)
 }
 } |
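Review bot: The attribute-list construction added here is a line-for-line copy of the one added to SearchEntry in the first hunk, so the two search paths can drift apart the next time an optional attribute is handled. A small helper on `Source` would keep both in step, with each call site reduced to a single assignment from it; the helper name below is only a suggestion. Note also that the guard tests the trimmed value while the untrimmed `ls.AttributeSSHPublicKey` is what gets appended and later looked up, which a helper would let the project settle in one place. SearchEntries continues outside the hunk.

```go
// searchAttributes returns the attributes to request for a user entry and
// reports whether an SSH public key attribute is configured.
func (ls *Source) searchAttributes() ([]string, bool) {
	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
	sshKeySet := len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
	if sshKeySet {
		attribs = append(attribs, ls.AttributeSSHPublicKey)
	}
	return attribs, sshKeySet
}

// … unchanged: userFilter construction in SearchEntries …
attribs, isAttributeSSHPublicKeySet := ls.searchAttributes()
// … unchanged: log.Trace and ldap.NewSearchRequest using attribs …
```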