embedded go-ad-auth to adradius, tls skipverify added

go.mod

@@ -3,9 +3,9 @@ module git.paulbsd.com/paulbsd/adradius
 go 1.13
 
 require (
-	github.com/korylprince/go-ad-auth v2.2.0+incompatible
-	golang.org/x/text v0.3.2 // indirect
+	github.com/smartystreets/goconvey v1.6.4 // indirect
+	golang.org/x/text v0.3.2
 	gopkg.in/ini.v1 v1.52.0
-	gopkg.in/ldap.v3 v3.1.0 // indirect
+	gopkg.in/ldap.v3 v3.1.0
 	layeh.com/radius v0.0.0-20190322222518-890bc1058917
 )

go.sum

@@ -1,8 +1,19 @@
-github.com/korylprince/go-ad-auth v2.2.0+incompatible h1:g/vTHSQfe2y0D9LATowYJwj735wLjD+pBS9fN7Ady70=
-github.com/korylprince/go-ad-auth v2.2.0+incompatible/go.mod h1:mMfgOVgAwVJiM4rureWH1QSktKw9tEe0dAbT7ObIzfM=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/ini.v1 v1.52.0 h1:j+Lt/M1oPPejkniCg1TkWE2J3Eh1oZTsHSXzMTzUXn4=

src/adradius/adradius.go

@@ -4,7 +4,7 @@ import (
 	"log"
 
 	"git.paulbsd.com/paulbsd/adradius/src/config"
-	auth "github.com/korylprince/go-ad-auth"
+	auth "git.paulbsd.com/paulbsd/adradius/src/go-ad-auth"
 	"layeh.com/radius"
 	"layeh.com/radius/rfc2865"
 )
@@ -20,18 +20,21 @@ func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config, err error) {
 	}
 
 	ldapconfig = &auth.Config{
-		Server:   c.Server,
-		Port:     c.Port,
-		BaseDN:   c.BaseDN,
-		Security: security,
+		Server:     c.Server,
+		Port:       c.Port,
+		BaseDN:     c.BaseDN,
+		Security:   security,
+		SkipVerify: c.SkipVerify,
 	}
 
+	ldapconfig.Connect()
+
 	return
 }
 
 // ADauth process authentication to Active Directory
-func ADauth(config *auth.Config, username string, password string) (status bool, err error) {
-	status, err = auth.Authenticate(config, username, password)
+func ADauth(ldapconfig *auth.Config, username string, password string) (status bool, err error) {
+	status, err = auth.Authenticate(ldapconfig, username, password)
 	if err != nil {
 		return
 	}

src/config/main.go

@@ -3,8 +3,8 @@ package config
 import (
 	"flag"
 
+	auth "git.paulbsd.com/paulbsd/adradius/src/go-ad-auth"
 	"git.paulbsd.com/paulbsd/adradius/utils"
-	auth "github.com/korylprince/go-ad-auth"
 	"gopkg.in/ini.v1"
 )
 
@@ -27,6 +27,7 @@ func (c *Config) GetConfig() (err error) {
 	c.TLS = adradiusSection.Key("tls").MustBool()
 	c.Listen = adradiusSection.Key("listen").MustString(":1812")
 	c.Secret = adradiusSection.Key("secret").MustString("secret")
+	c.SkipVerify = adradiusSection.Key("skipverify").MustBool()
 
 	if err != nil {
 		return
@@ -45,4 +46,5 @@ type Config struct {
 	Listen     string
 	Secret     string
 	Security   auth.SecurityType
+	SkipVerify bool
 }

src/go-ad-auth/config.go

@@ -19,10 +19,11 @@ const (
 
 //Config contains settings for connecting to an Active Directory server.
 type Config struct {
-	Server   string
-	Port     int
-	BaseDN   string
-	Security SecurityType
+	Server     string
+	Port       int
+	BaseDN     string
+	Security   SecurityType
+	SkipVerify bool
 }
 
 //Domain returns the domain derived from BaseDN or an error if misconfigured.

src/go-ad-auth/conn.go

@@ -16,6 +16,12 @@ type Conn struct {
 
 //Connect returns an open connection to an Active Directory server or an error if one occurred.
 func (c *Config) Connect() (*Conn, error) {
+
+	tlscfg := &tls.Config{ServerName: c.Server}
+	if c.SkipVerify {
+		tlscfg.InsecureSkipVerify = true
+	}
+
 	switch c.Security {
 	case SecurityNone:
 		conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port))
@@ -24,7 +30,7 @@ func (c *Config) Connect() (*Conn, error) {
 		}
 		return &Conn{Conn: conn, Config: c}, nil
 	case SecurityTLS:
-		conn, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port), &tls.Config{ServerName: c.Server})
+		conn, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port), tlscfg)
 		if err != nil {
 			return nil, fmt.Errorf("Connection error: %v", err)
 		}

vendor/github.com/korylprince/go-ad-auth/.gitignore

@@ -1,3 +0,0 @@
-*.swp
-.env
-tags

vendor/modules.txt

@@ -1,5 +1,3 @@
-# github.com/korylprince/go-ad-auth v2.2.0+incompatible
-github.com/korylprince/go-ad-auth
 # golang.org/x/text v0.3.2
 golang.org/x/text/encoding
 golang.org/x/text/encoding/internal