From 7a8fd8e2006b9c4d9099d741e99650f5e4e676d8 Mon Sep 17 00:00:00 2001 From: Nathan Coad Date: Thu, 4 Jan 2024 15:53:21 +1100 Subject: [PATCH] work on LDAP --- .drone.yml | 30 +++++++++++++++--------------- main.go | 5 +++++ models/ldap.go | 7 +++++-- models/user.go | 21 +++++++++++++++++++++ 4 files changed, 46 insertions(+), 17 deletions(-) diff --git a/.drone.yml b/.drone.yml index 138ec57..d15decd 100644 --- a/.drone.yml +++ b/.drone.yml @@ -98,21 +98,21 @@ steps: - sudo bash -c 'mv /home/l075239/smt/test.env /home/l075239/smt/.env' - sudo bash -c '/etc/init.d/smt restart' -- name: dell-deploy -# # https://github.com/cschlosser/drone-ftps/blob/master/README.md - image: cschlosser/drone-ftps - environment: - FTP_USERNAME: - from_secret: FTP_USERNAME - FTP_PASSWORD: - from_secret: FTP_PASSWORD - PLUGIN_HOSTNAME: ftp.emc.com:21 - PLUGIN_SECURE: false - PLUGIN_VERIFY: false - PLUGIN_CHMOD: false - #PLUGIN_DEBUG: false - PLUGIN_INCLUDE: ^smt$,^smt_checksum.txt$ - PLUGIN_EXCLUDE: ^\.git/$,^\controllers/$,^\middlewares/$,^\models/$,^\utils/$ +#- name: dell-deploy +## # https://github.com/cschlosser/drone-ftps/blob/master/README.md +# image: cschlosser/drone-ftps +# environment: +# FTP_USERNAME: +# from_secret: FTP_USERNAME +# FTP_PASSWORD: +# from_secret: FTP_PASSWORD +# PLUGIN_HOSTNAME: ftp.emc.com:21 +# PLUGIN_SECURE: false +# PLUGIN_VERIFY: false +# PLUGIN_CHMOD: false +# #PLUGIN_DEBUG: false +# PLUGIN_INCLUDE: ^smt$,^smt_checksum.txt$ +# PLUGIN_EXCLUDE: ^\.git/$,^\controllers/$,^\middlewares/$,^\models/$,^\utils/$ volumes: - name: shared diff --git a/main.go b/main.go index a1c3b15..40c9ee1 100644 --- a/main.go +++ b/main.go 
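Review bot: The `dell-deploy` step in the .drone.yml hunk is commented out line by line rather than deleted, which leaves sixteen dead lines that git history already preserves. If the step is meant to come back, the retained configuration sends the `FTP_USERNAME`/`FTP_PASSWORD` secrets with `PLUGIN_SECURE: false` and `PLUGIN_VERIFY: false`, so the transport should be revisited before it is re-enabled rather than restored as-is. Deleting the block, or keeping a single `# dell-deploy step removed; see git history` marker, reads cleaner than a commented stanza.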
@@ -150,6 +150,11 @@ func main() { // Load certificate for LDAP connectivy models.LoadLdapCert() + ldapServer := os.Getenv("LDAP_BIND_ADDRESS") + if ldapServer != "" { + models.LdapEnabled = true + } + // Create context that listens for the interrupt signal from the OS. ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) defer stop() diff --git a/models/ldap.go b/models/ldap.go index 6da6f0a..6260c79 100644 --- a/models/ldap.go +++ b/models/ldap.go @@ -22,7 +22,8 @@ type LdapConfig struct { } var systemCA *x509.CertPool -var certLoaded bool +var CertLoaded bool +var LdapEnabled bool func GetFilePath(path string) string { // Check for empty filename @@ -80,7 +81,7 @@ func LoadLdapCert() { // Add custom certificate to the system cert pool systemCA.AddCert(crt) - certLoaded = true + CertLoaded = true } } @@ -91,6 +92,8 @@ func VerifyLdapCreds(username string, password string) bool { if ldapServer == "" { log.Printf("VerifyLdapCreds no LDAP bind address supplied\n") return false + } else { + LdapEnabled = true } ldapBaseDn := os.Getenv("LDAP_BASE_DN") diff --git a/models/user.go b/models/user.go index a52deb4..bbcef3d 100644 --- a/models/user.go +++ b/models/user.go @@ -1,6 +1,7 @@ package models import ( + "database/sql" "errors" "log" "net/http" @@ -91,6 +92,18 @@ func LoginCheck(username string, password string) (string, error) { err = db.QueryRowx("SELECT * FROM Users WHERE Username=?", username).StructScan(&u) if err != nil { + if err == sql.ErrNoRows { + // check LDAP if enabled + if LdapEnabled { + //check, err := LdapLoginCheck(username, password) + check := VerifyLdapCreds(username, password) + if check { + u.UserId = StoreLdapUser(username) + } + } else { + return "", errors.New("specified user not found in database") + } + } log.Printf("LoginCheck error retrieving user from database : '%s'\n", err) return "", err } else { 
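Review bot: The new `ldapServer` local in the main.go hunk is read exactly once, and this patch also repeats the `LDAP_BIND_ADDRESS` lookup inside models.VerifyLdapCreds, so the enabled flag is derived in two places. `if os.Getenv("LDAP_BIND_ADDRESS") != "" { models.LdapEnabled = true }` drops the local, and keeping this one assignment in main (with VerifyLdapCreds only reading the flag) makes the environment the single source of truth. Because `models.LdapEnabled` is an exported mutable package variable, a comment on it stating that it is set once at startup and only read afterwards would keep later callers from writing it. main's body continues outside the hunk.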
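Review bot: In the `@@ -91,6 +92,8 @@` hunk of models/ldap.go the added `else { LdapEnabled = true }` follows a terminating `return false`, so the else is unnecessary, and it makes a credential-check function write package-level state that main.go already sets from the same variable at startup. Dropping the else and leaving `LdapEnabled` assigned only in main avoids an unsynchronized write on every login attempt should VerifyLdapCreds be called from concurrent handlers (its callers are not visible here). The `certLoaded` to `CertLoaded` rename in the first two hunks exports a bool with no doc comment; `// CertLoaded reports whether LoadLdapCert added a custom certificate to the system pool.` would document it. VerifyLdapCreds continues outside the hunk.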
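Review bot: In the `@@ -91,6 +92,18 @@` hunk of models/user.go a successful LDAP login never succeeds: after `u.UserId = StoreLdapUser(username)` control falls straight through to the existing `log.Printf(...)` and `return "", err`, so the caller still receives sql.ErrNoRows, and a failed VerifyLdapCreds takes the same path and is logged as a database error. The added `errors.New("specified user not found in database")` also answers differently for an unknown username than for a wrong password, which lets a client tell which usernames exist; one message for both outcomes avoids that. The restructuring below keeps the DB-error path first, collapses the unknown-user and bad-credential cases, and leaves a marker where the LDAP user must join the token-issuing success path, which lives in the `else` branch outside this hunk (that branch would need to become reachable, e.g. by making it unconditional, which cannot be judged from here). `errors.Is(err, sql.ErrNoRows)` is preferred over `==` so a wrapped error from the DB layer is still recognised.
```go
	if err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			log.Printf("LoginCheck error retrieving user from database : '%s'\n", err)
			return "", err
		}
		if !LdapEnabled || !VerifyLdapCreds(username, password) {
			// one message for unknown user and bad credentials, so the
			// response does not reveal which usernames exist
			return "", errors.New("invalid username or password")
		}
		u.UserId = StoreLdapUser(username)
		// TODO(review): continue to the token-issuing success path here; it
		// currently sits in the else branch outside this hunk.
	}
	// … unchanged: success path (currently the else branch) …
```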
@@ -120,6 +133,14 @@ func LoginCheck(username string, password string) (string, error) { } +// StoreLdapUser creates a user record in the database and returns the corresponding userId +func StoreLdapUser(username string) int { + + // TODO + + return 99 +} + func GetUserByID(uid uint) (User, error) { var u User
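Review bot: The new StoreLdapUser stub returns the constant `99` with only a `// TODO`, so if this lands every LDAP-authenticated login is mapped to user id 99, which may be an existing account's id and would hand that account's identity to any LDAP user. Until the insert exists it should fail loudly rather than return a placeholder, e.g. `func StoreLdapUser(username string) (int, error) { return 0, errors.New("StoreLdapUser not implemented") }`, with the call site in LoginCheck (earlier hunk) checking the error. The return type is `int` while `GetUserByID(uid uint)` in the context lines takes `uint`; whether `u.UserId` matches either is not visible here and is worth confirming. The doc comment should end with a period to match the usual Go form.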