gitea/modules/auth/ldap/ldap.go

// Copyright github.com/juju2013. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

// package ldap provide functions & structure to query a LDAP ldap directory
// For now, it's mainly tested again an MS Active Directory service, see README.md for more information
package ldap

import (
	"fmt"

	"github.com/gogits/gogs/modules/ldap"
	"github.com/gogits/gogs/modules/log"
)

// Basic LDAP authentication service
type Ldapsource struct {
	Name         string // canonical name (ie. corporate.ad)
	Host         string // LDAP host
	Port         int    // port number
	UseSSL       bool   // Use SSL
	BaseDN       string // Base DN
	Attributes   string // Attribut to search
	Filter       string // Query filter to validate entry
	MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)
	Enabled      bool   // if this source is disabled
}

//Global LDAP directory pool
var (
	Authensource []Ldapsource
)

// Add a new source (LDAP directory) to the global pool
func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
	Authensource = append(Authensource, ldaphost)
}

//LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise
//First match wins
//Returns first attribute if exists
func LoginUser(name, passwd string) (a string, r bool) {
	r = false
	for _, ls := range Authensource {
		a, r = ls.SearchEntry(name, passwd)
		if r {
			return
		}
	}
	return
}

// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
	l, err := ldapDial(ls)
	if err != nil {
		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
		ls.Enabled = false
		return "", false
	}
	defer l.Close()

	nx := fmt.Sprintf(ls.MsAdSAFormat, name)
	err = l.Bind(nx, passwd)
	if err != nil {
		log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())
		return "", false
	}

	search := ldap.NewSearchRequest(
		ls.BaseDN,
		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
		fmt.Sprintf(ls.Filter, name),
		[]string{ls.Attributes},
		nil)
	sr, err := l.Search(search)
	if err != nil {
		log.Debug("LDAP Authen OK but not in filter %s", name)
		return "", false
	}
	log.Debug("LDAP Authen OK: %s", name)
	if len(sr.Entries) > 0 {
		r := sr.Entries[0].GetAttributeValue(ls.Attributes)
		return r, true
	}
	return "", true
}

func ldapDial(ls Ldapsource) (*ldap.Conn, error) {
	if ls.UseSSL {
		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
	} else {
		return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
	}
}
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`// Copyright github.com/juju2013. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`// package ldap provide functions & structure to query a LDAP ldap directory`
			`// For now, it's mainly tested again an MS Active Directory service, see README.md for more information`
			`package ldap`

			`import (`
			`"fmt"`
ldap support 2014-05-03 06:48:14 +04:00
Remove ldap dep 2014-09-08 04:04:47 +04:00			`"github.com/gogits/gogs/modules/ldap"`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`"github.com/gogits/gogs/modules/log"`
			`)`

			`// Basic LDAP authentication service`
ldap support 2014-05-03 06:48:14 +04:00			`type Ldapsource struct {`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`Name string // canonical name (ie. corporate.ad)`
			`Host string // LDAP host`
			`Port int // port number`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00			`UseSSL bool // Use SSL`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`BaseDN string // Base DN`
			`Attributes string // Attribut to search`
			`Filter string // Query filter to validate entry`
			`MsAdSAFormat string // in the case of MS AD Simple Authen, the format to use (see: http://msdn.microsoft.com/en-us/library/cc223499.aspx)`
			`Enabled bool // if this source is disabled`
			`}`

			`//Global LDAP directory pool`
			`var (`
ldap support 2014-05-03 06:48:14 +04:00			`Authensource []Ldapsource`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`)`

			`// Add a new source (LDAP directory) to the global pool`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00			`func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {`
			`ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`Authensource = append(Authensource, ldaphost)`
			`}`

			`//LoginUser : try to login an user to LDAP sources, return requested (attribut,true) if ok, ("",false) other wise`
			`//First match wins`
			`//Returns first attribute if exists`
			`func LoginUser(name, passwd string) (a string, r bool) {`
			`r = false`
			`for _, ls := range Authensource {`
merge all login methods 2014-05-11 10:12:45 +04:00			`a, r = ls.SearchEntry(name, passwd)`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`if r {`
			`return`
			`}`
			`}`
			`return`
			`}`

			`// searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter`
merge all login methods 2014-05-11 10:12:45 +04:00			`func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00			`l, err := ldapDial(ls)`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`if err != nil {`
New UI merge in progress 2014-07-26 08:24:27 +04:00			`log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`ls.Enabled = false`
			`return "", false`
			`}`
			`defer l.Close()`

			`nx := fmt.Sprintf(ls.MsAdSAFormat, name)`
			`err = l.Bind(nx, passwd)`
			`if err != nil {`
			`log.Debug("LDAP Authan failed for %s, reason: %s", nx, err.Error())`
			`return "", false`
			`}`

Remove ldap dep 2014-09-08 04:04:47 +04:00			`search := ldap.NewSearchRequest(`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`ls.BaseDN,`
Remove ldap dep 2014-09-08 04:04:47 +04:00			`ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,`
initial support for LDAP authentication/MSAD 2014-04-22 20:55:27 +04:00			`fmt.Sprintf(ls.Filter, name),`
			`[]string{ls.Attributes},`
			`nil)`
			`sr, err := l.Search(search)`
			`if err != nil {`
			`log.Debug("LDAP Authen OK but not in filter %s", name)`
			`return "", false`
			`}`
			`log.Debug("LDAP Authen OK: %s", name)`
			`if len(sr.Entries) > 0 {`
			`r := sr.Entries[0].GetAttributeValue(ls.Attributes)`
			`return r, true`
			`}`
			`return "", true`
			`}`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00
Remove ldap dep 2014-09-08 04:04:47 +04:00			`func ldapDial(ls Ldapsource) (*ldap.Conn, error) {`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00			`if ls.UseSSL {`
Remove ldap dep 2014-09-08 04:04:47 +04:00			`return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00			`} else {`
Remove ldap dep 2014-09-08 04:04:47 +04:00			`return ldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))`
Add LDAP over SSL support 2014-05-15 16:21:27 +04:00			`}`
			`}`