authorzeripath <art27@cantab.net>2021-08-11 21:42:58 +0100
committerGitHub <noreply@github.com>2021-08-11 21:42:58 +0100
commite29e1637370ad95e4ca9f861c25d366b74829dcc (patch)
tree63c0b53fa958b23fdf1f3e5216df250a24016706 /services/auth/source/ldap
parentf1a810e0901b80eb6bc21103434fc0737af17eaa (diff)
Improve SMTP authentication and Fix user creation bugs (#16612)
* Improve SMTP authentication, fix user creation bugs and add LDAP cert/key options. This PR has two parts: Improvements for SMTP authentication: * Default to SMTPS if the port is 465, and allow forcing SMTPS. * Always use STARTTLS if available. * Provide the CRAM-MD5 mechanism. * Add options for disabling the HELO hostname. * Add options for providing certificates and keys. * Handle an application-specific-password response as a failed user login instead of as a 500. Close #16104 Fix creation of new users: * A bug introduced when allowing users to change usernames prevents the creation of external users. * The LoginSource refactor also broke this page. Close #16104 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'services/auth/source/ldap')
-rw-r--r--services/auth/source/ldap/source_search.go27
1 files changed, 15 insertions, 12 deletions
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index e99fc67901..f2acbb0d4b 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -8,6 +8,8 @@ package ldap
import (
"crypto/tls"
"fmt"
+ "net"
+ "strconv"
"strings"
"code.gitea.io/gitea/modules/log"
@@ -103,26 +105,27 @@ func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
return userDN, true
}
-func dial(ls *Source) (*ldap.Conn, error) {
- log.Trace("Dialing LDAP with security protocol (%v) without verifying: %v", ls.SecurityProtocol, ls.SkipVerify)
+func dial(source *Source) (*ldap.Conn, error) {
+ log.Trace("Dialing LDAP with security protocol (%v) without verifying: %v", source.SecurityProtocol, source.SkipVerify)
- tlsCfg := &tls.Config{
- ServerName: ls.Host,
- InsecureSkipVerify: ls.SkipVerify,
+ tlsConfig := &tls.Config{
+ ServerName: source.Host,
+ InsecureSkipVerify: source.SkipVerify,
}
- if ls.SecurityProtocol == SecurityProtocolLDAPS {
- return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
+
+ if source.SecurityProtocol == SecurityProtocolLDAPS {
+ return ldap.DialTLS("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port)), tlsConfig)
}
- conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+ conn, err := ldap.Dial("tcp", net.JoinHostPort(source.Host, strconv.Itoa(source.Port)))
if err != nil {
- return nil, fmt.Errorf("Dial: %v", err)
+ return nil, fmt.Errorf("error during Dial: %v", err)
}
- if ls.SecurityProtocol == SecurityProtocolStartTLS {
- if err = conn.StartTLS(tlsCfg); err != nil {
+ if source.SecurityProtocol == SecurityProtocolStartTLS {
+ if err = conn.StartTLS(tlsConfig); err != nil {
conn.Close()
- return nil, fmt.Errorf("StartTLS: %v", err)
+ return nil, fmt.Errorf("error during StartTLS: %v", err)
}
}
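Review bot: The two rewritten error returns in dial still format the underlying error with `%v`, so callers cannot use errors.Is/errors.As on the ldap error; since the strings are being reworded anyway, wrap instead and drop the "error during" prefix, which Go convention treats as redundant once errors are chained: `return nil, fmt.Errorf("dial: %w", err)` and `return nil, fmt.Errorf("StartTLS: %w", err)`. Separately, the tls.Config literal at the top of the hunk only sets ServerName and InsecureSkipVerify, so the minimum protocol version is whatever the Go runtime defaults to (TLS 1.0 for clients in Go releases before 1.18); unless the project pins this elsewhere, adding `MinVersion: tls.VersionTLS12,` to that literal makes the floor explicit for both the LDAPS and StartTLS paths. The switch to net.JoinHostPort is a genuine fix for IPv6 hosts and needs no change. dial's closing lines (the successful return and the final brace) are outside this hunk.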