mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2597 Commits
17 Branches
Tree: 6235bd1fe9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6235bd1fe9'
${ noResults }
gitea/modules/auth/ldap/ldap.go

ldap.go 4.0KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. // Package ldap provide functions & structure to query a LDAP ldap directory

  6. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  7. package ldap

  8. 

  9. import (

  10. 	"fmt"

  11. 

  12. 	"github.com/gogits/gogs/modules/ldap"

  13. 	"github.com/gogits/gogs/modules/log"

  14. )

  15. 

  16. // Basic LDAP authentication service

  17. type Ldapsource struct {

  18. 	Name             string // canonical name (ie. corporate.ad)

  19. 	Host             string // LDAP host

  20. 	Port             int    // port number

  21. 	UseSSL           bool   // Use SSL

  22. 	BindDN           string // DN to bind with

  23. 	BindPassword     string // Bind DN password

  24. 	UserBase         string // Base search path for users

  25. 	AttributeName    string // First name attribute

  26. 	AttributeSurname string // Surname attribute

  27. 	AttributeMail    string // E-mail attribute

  28. 	Filter           string // Query filter to validate entry

  29. 	Enabled          bool   // if this source is disabled

  30. }

  31. 

  32. func (ls Ldapsource) FindUserDN(name string) (string, bool) {

  33. 	l, err := ldapDial(ls)

  34. 	if err != nil {

  35. 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)

  36. 		ls.Enabled = false

  37. 		return "", false

  38. 	}

  39. 	defer l.Close()

  40. 

  41. 	log.Trace("Search for LDAP user: %s", name)

  42. 	if ls.BindDN != "" && ls.BindPassword != "" {

  43. 		err = l.Bind(ls.BindDN, ls.BindPassword)

  44. 		if err != nil {

  45. 			log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)

  46. 			return "", false

  47. 		}

  48. 		log.Trace("Bound as BindDN %s", ls.BindDN)

  49. 	} else {

  50. 		log.Trace("Proceeding with anonymous LDAP search.")

  51. 	}

  52. 

  53. 	// A search for the user.

  54. 	userFilter := fmt.Sprintf(ls.Filter, name)

  55. 	log.Trace("Searching using filter %s", userFilter)

  56. 	search := ldap.NewSearchRequest(

  57. 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,

  58. 		false, userFilter, []string{}, nil)

  59. 

  60. 	// Ensure we found a user

  61. 	sr, err := l.Search(search)

  62. 	if err != nil || len(sr.Entries) < 1 {

  63. 		log.Debug("Failed search using filter[%s]: %v", userFilter, err)

  64. 		return "", false

  65. 	} else if len(sr.Entries) > 1 {

  66. 		log.Debug("Filter '%s' returned more than one user.", userFilter)

  67. 		return "", false

  68. 	}

  69. 

  70. 	userDN := sr.Entries[0].DN

  71. 	if userDN == "" {

  72. 		log.Error(4, "LDAP search was succesful, but found no DN!")

  73. 		return "", false

  74. 	}

  75. 

  76. 	return userDN, true

  77. }

  78. 

  79. // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter

  80. func (ls Ldapsource) SearchEntry(name, passwd string) (string, string, string, bool) {

  81. 	userDN, found := ls.FindUserDN(name)

  82. 	if !found {

  83. 		return "", "", "", false

  84. 	}

  85. 

  86. 	l, err := ldapDial(ls)

  87. 	if err != nil {

  88. 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)

  89. 		ls.Enabled = false

  90. 		return "", "", "", false

  91. 	}

  92. 

  93. 	defer l.Close()

  94. 

  95. 	log.Trace("Binding with userDN: %s", userDN)

  96. 	err = l.Bind(userDN, passwd)

  97. 	if err != nil {

  98. 		log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)

  99. 		return "", "", "", false

  100. 	}

  101. 

  102. 	log.Trace("Bound successfully with userDN: %s", userDN)

  103. 	userFilter := fmt.Sprintf(ls.Filter, name)

  104. 	search := ldap.NewSearchRequest(

  105. 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,

  106. 		[]string{ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},

  107. 		nil)

  108. 

  109. 	sr, err := l.Search(search)

  110. 	if err != nil {

  111. 		log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)

  112. 		return "", "", "", false

  113. 	} else if len(sr.Entries) < 1 {

  114. 		log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")

  115. 		return "", "", "", false

  116. 	}

  117. 

  118. 	name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)

  119. 	sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)

  120. 	mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)

  121. 	return name_attr, sn_attr, mail_attr, true

  122. }

  123. 

  124. func ldapDial(ls Ldapsource) (*ldap.Conn, error) {

  125. 	if ls.UseSSL {

  126. 		log.Debug("Using TLS for LDAP")

  127. 		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)

  128. 	} else {

  129. 		return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))

  130. 	}

  131. }