nathan/smt
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases 2 Wiki Activity

re-enable dell upload
Some checks reported errors
continuous-integration/drone/push Build was killed
Details

Browse Source
This commit is contained in:
Nathan Coad
2024-01-05 10:53:57 +11:00
parent 7f40884115
commit 50b512e08e
2 changed files with 63 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.drone.yml
View File

@@ -98,21 +98,21 @@ steps:
- sudo bash -c 'mv /home/l075239/smt/test.env /home/l075239/smt/.env' - sudo bash -c 'mv /home/l075239/smt/test.env /home/l075239/smt/.env'
- sudo bash -c '/etc/init.d/smt restart' - sudo bash -c '/etc/init.d/smt restart'
#- name: dell-deploy - name: dell-deploy
## # https://github.com/cschlosser/drone-ftps/blob/master/README.md # # https://github.com/cschlosser/drone-ftps/blob/master/README.md
# image: cschlosser/drone-ftps image: cschlosser/drone-ftps
# environment: environment:
# FTP_USERNAME: FTP_USERNAME:
# from_secret: FTP_USERNAME from_secret: FTP_USERNAME
# FTP_PASSWORD: FTP_PASSWORD:
# from_secret: FTP_PASSWORD from_secret: FTP_PASSWORD
# PLUGIN_HOSTNAME: ftp.emc.com:21 PLUGIN_HOSTNAME: ftp.emc.com:21
# PLUGIN_SECURE: false PLUGIN_SECURE: false
# PLUGIN_VERIFY: false PLUGIN_VERIFY: false
# PLUGIN_CHMOD: false PLUGIN_CHMOD: false
# #PLUGIN_DEBUG: false #PLUGIN_DEBUG: false
# PLUGIN_INCLUDE: ^smt$,^smt_checksum.txt$ PLUGIN_INCLUDE: ^smt$,^smt_checksum.txt$
# PLUGIN_EXCLUDE: ^\.git/$,^\controllers/$,^\middlewares/$,^\models/$,^\utils/$ PLUGIN_EXCLUDE: ^\.git/$,^\controllers/$,^\middlewares/$,^\models/$,^\utils/$
volumes: volumes:
- name: shared - name: shared

54
models/ldap.go
View File

@@ -265,6 +265,7 @@ func VerifyLdapCreds(username string, password string) error {
username = CheckUsername(username) username = CheckUsername(username)
ldaps := ldapConnect() ldaps := ldapConnect()
defer ldaps.Close()
// try an authenticated bind to AD to verify credentials // try an authenticated bind to AD to verify credentials
log.Printf("Attempting LDAP bind with user '%s' and password length '%d'\n", username, len(password)) log.Printf("Attempting LDAP bind with user '%s' and password length '%d'\n", username, len(password))
@@ -289,17 +290,17 @@ func VerifyLdapCreds(username string, password string) error {
// GetGroupsOfUser returns the group for a user. // GetGroupsOfUser returns the group for a user.
// Taken from https://github.com/jtblin/go-ldap-client/issues/13#issuecomment-456090979 // Taken from https://github.com/jtblin/go-ldap-client/issues/13#issuecomment-456090979
func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string, error) { func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string, error) {
var samAccountName string var sAMAccountName string
var groups []string var groups []string
if strings.Contains(username, "@") { if strings.Contains(username, "@") {
s := strings.Split(username, "@") s := strings.Split(username, "@")
samAccountName = s[0] sAMAccountName = s[0]
} else if strings.Contains(username, "\\") { } else if strings.Contains(username, "\\") {
s := strings.Split(username, "\\") s := strings.Split(username, "\\")
samAccountName = s[len(s)-1] sAMAccountName = s[len(s)-1]
} else { } else {
samAccountName = username sAMAccountName = username
} }
// Get the users DN // Get the users DN
@@ -307,7 +308,7 @@ func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string,
searchRequest := ldap.NewSearchRequest( searchRequest := ldap.NewSearchRequest(
baseDN, baseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(sAMAccountName=%s)", ldap.EscapeFilter(samAccountName)), fmt.Sprintf("(sAMAccountName=%s)", ldap.EscapeFilter(sAMAccountName)),
[]string{}, []string{},
nil, nil,
) )
@@ -320,7 +321,7 @@ func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string,
} }
if len(sr.Entries) != 1 { if len(sr.Entries) != 1 {
return nil, fmt.Errorf("user '%s' does not exist", samAccountName) return nil, fmt.Errorf("user '%s' does not exist", sAMAccountName)
} else { } else {
// Get the groups of the first result // Get the groups of the first result
groups = sr.Entries[0].GetAttributeValues("memberOf") groups = sr.Entries[0].GetAttributeValues("memberOf")
@@ -328,3 +329,44 @@ func GetGroupsOfUser(username string, baseDN string, conn *ldap.Conn) ([]string,
return groups, nil return groups, nil
} }
func GetLdapUserDn(username string, baseDN string, conn *ldap.Conn) (string, error) {
var sAMAccountName string
if strings.Contains(username, "@") {
s := strings.Split(username, "@")
sAMAccountName = s[0]
} else if strings.Contains(username, "\\") {
s := strings.Split(username, "\\")
sAMAccountName = s[len(s)-1]
} else {
sAMAccountName = username
}
// Search for the user's distinguishedName
searchRequest := ldap.NewSearchRequest(
baseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
fmt.Sprintf("(sAMAccountName=%s)", sAMAccountName),
[]string{"distinguishedName"},
nil,
)
searchResult, err := conn.Search(searchRequest)
if err != nil {
log.Fatal(err)
}
if len(searchResult.Entries) == 0 {
return "", fmt.Errorf("user '%s' does not exist", sAMAccountName)
} else {
// Retrieve the distinguishedName of the user
distinguishedName := searchResult.Entries[0].GetAttributeValue("distinguishedName")
if distinguishedName != "" {
log.Printf("GetLdapUserDn located user's distinguishedName : '%s'\n", distinguishedName)
return distinguishedName, nil
} else {
return "", fmt.Errorf("could not find distinguishedName for user '%s'", sAMAccountName)
}
}
}