afan
/
gitea
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
gitea源码
2 Ревизии
2 Клонове
ИН на ревизия: f5d5e77162
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
from 'f5d5e77162'
${ noResults }
gitea/services/auth/source/ldap/source.go

source.go 4.1KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. // Copyright 2021 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package ldap

  5. 

  6. import (

  7. 	"strings"

  8. 

  9. 	"code.gitea.io/gitea/models/auth"

  10. 	"code.gitea.io/gitea/modules/json"

  11. 	"code.gitea.io/gitea/modules/secret"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. )

  14. 

  15. // .____     ________      _____ __________

  16. // |    |    \______ \    /  _  \\______   \

  17. // |    |     |    |  \  /  /_\  \|     ___/

  18. // |    |___  |    `   \/    |    \    |

  19. // |_______ \/_______  /\____|__  /____|

  20. //         \/        \/         \/

  21. 

  22. // Package ldap provide functions & structure to query a LDAP ldap directory

  23. // For now, it's mainly tested again an MS Active Directory service, see README.md for more information

  24. 

  25. // Source Basic LDAP authentication service

  26. type Source struct {

  27. 	auth.ConfigBase `json:"-"`

  28. 

  29. 	Name                  string // canonical name (ie. corporate.ad)

  30. 	Host                  string // LDAP host

  31. 	Port                  int    // port number

  32. 	SecurityProtocol      SecurityProtocol

  33. 	SkipVerify            bool

  34. 	BindDN                string // DN to bind with

  35. 	BindPasswordEncrypt   string // Encrypted Bind BN password

  36. 	BindPassword          string // Bind DN password

  37. 	UserBase              string // Base search path for users

  38. 	UserDN                string // Template for the DN of the user for simple auth

  39. 	AttributeUsername     string // Username attribute

  40. 	AttributeName         string // First name attribute

  41. 	AttributeSurname      string // Surname attribute

  42. 	AttributeMail         string // E-mail attribute

  43. 	AttributesInBind      bool   // fetch attributes in bind context (not user)

  44. 	AttributeSSHPublicKey string // LDAP SSH Public Key attribute

  45. 	AttributeAvatar       string

  46. 	SearchPageSize        uint32 // Search with paging page size

  47. 	Filter                string // Query filter to validate entry

  48. 	AdminFilter           string // Query filter to check if user is admin

  49. 	RestrictedFilter      string // Query filter to check if user is restricted

  50. 	Enabled               bool   // if this source is disabled

  51. 	AllowDeactivateAll    bool   // Allow an empty search response to deactivate all users from this source

  52. 	GroupsEnabled         bool   // if the group checking is enabled

  53. 	GroupDN               string // Group Search Base

  54. 	GroupFilter           string // Group Name Filter

  55. 	GroupMemberUID        string // Group Attribute containing array of UserUID

  56. 	GroupTeamMap          string // Map LDAP groups to teams

  57. 	GroupTeamMapRemoval   bool   // Remove user from teams which are synchronized and user is not a member of the corresponding LDAP group

  58. 	UserUID               string // User Attribute listed in Group

  59. }

  60. 

  61. // FromDB fills up a LDAPConfig from serialized format.

  62. func (source *Source) FromDB(bs []byte) error {

  63. 	err := json.UnmarshalHandleDoubleEncode(bs, &source)

  64. 	if err != nil {

  65. 		return err

  66. 	}

  67. 	if source.BindPasswordEncrypt != "" {

  68. 		source.BindPassword, err = secret.DecryptSecret(setting.SecretKey, source.BindPasswordEncrypt)

  69. 		source.BindPasswordEncrypt = ""

  70. 	}

  71. 	return err

  72. }

  73. 

  74. // ToDB exports a LDAPConfig to a serialized format.

  75. func (source *Source) ToDB() ([]byte, error) {

  76. 	var err error

  77. 	source.BindPasswordEncrypt, err = secret.EncryptSecret(setting.SecretKey, source.BindPassword)

  78. 	if err != nil {

  79. 		return nil, err

  80. 	}

  81. 	source.BindPassword = ""

  82. 	return json.Marshal(source)

  83. }

  84. 

  85. // SecurityProtocolName returns the name of configured security

  86. // protocol.

  87. func (source *Source) SecurityProtocolName() string {

  88. 	return SecurityProtocolNames[source.SecurityProtocol]

  89. }

  90. 

  91. // IsSkipVerify returns if SkipVerify is set

  92. func (source *Source) IsSkipVerify() bool {

  93. 	return source.SkipVerify

  94. }

  95. 

  96. // HasTLS returns if HasTLS

  97. func (source *Source) HasTLS() bool {

  98. 	return source.SecurityProtocol > SecurityProtocolUnencrypted

  99. }

  100. 

  101. // UseTLS returns if UseTLS

  102. func (source *Source) UseTLS() bool {

  103. 	return source.SecurityProtocol != SecurityProtocolUnencrypted

  104. }

  105. 

  106. // ProvidesSSHKeys returns if this source provides SSH Keys

  107. func (source *Source) ProvidesSSHKeys() bool {

  108. 	return strings.TrimSpace(source.AttributeSSHPublicKey) != ""

  109. }

  110. 

  111. func init() {

  112. 	auth.RegisterTypeConfig(auth.LDAP, &Source{})

  113. 	auth.RegisterTypeConfig(auth.DLDAP, &Source{})

  114. }