From 3e45cd5941b88faa11bc72d78a86d17fadf4b2f6 Mon Sep 17 00:00:00 2001 From: Paul Date: Tue, 3 Mar 2020 10:34:38 +0100 Subject: [PATCH] embedded go-ad-auth to adradius, tls skipverify added --- go.mod | 6 +++--- go.sum | 15 +++++++++++++-- src/adradius/adradius.go | 17 ++++++++++------- src/config/main.go | 4 +++- .../korylprince => src}/go-ad-auth/LICENSE | 0 .../korylprince => src}/go-ad-auth/README.md | 0 .../korylprince => src}/go-ad-auth/auth.go | 0 .../korylprince => src}/go-ad-auth/config.go | 9 +++++---- .../korylprince => src}/go-ad-auth/conn.go | 8 +++++++- .../korylprince => src}/go-ad-auth/group.go | 0 .../korylprince => src}/go-ad-auth/passwd.go | 0 .../korylprince => src}/go-ad-auth/search.go | 0 .../korylprince/go-ad-auth/.gitignore | 3 --- vendor/modules.txt | 2 -- 14 files changed, 41 insertions(+), 23 deletions(-) rename {vendor/github.com/korylprince => src}/go-ad-auth/LICENSE (100%) rename {vendor/github.com/korylprince => src}/go-ad-auth/README.md (100%) rename {vendor/github.com/korylprince => src}/go-ad-auth/auth.go (100%) rename {vendor/github.com/korylprince => src}/go-ad-auth/config.go (92%) rename {vendor/github.com/korylprince => src}/go-ad-auth/conn.go (93%) rename {vendor/github.com/korylprince => src}/go-ad-auth/group.go (100%) rename {vendor/github.com/korylprince => src}/go-ad-auth/passwd.go (100%) rename {vendor/github.com/korylprince => src}/go-ad-auth/search.go (100%) delete mode 100644 vendor/github.com/korylprince/go-ad-auth/.gitignore diff --git a/go.mod b/go.mod index cc2343e..a33e804 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module git.paulbsd.com/paulbsd/adradius go 1.13 require ( - github.com/korylprince/go-ad-auth v2.2.0+incompatible - golang.org/x/text v0.3.2 // indirect + github.com/smartystreets/goconvey v1.6.4 // indirect + golang.org/x/text v0.3.2 gopkg.in/ini.v1 v1.52.0 - gopkg.in/ldap.v3 v3.1.0 // indirect + gopkg.in/ldap.v3 v3.1.0 layeh.com/radius v0.0.0-20190322222518-890bc1058917 ) 
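Review bot: Dropping `github.com/korylprince/go-ad-auth v2.2.0+incompatible` from the require block in favour of the in-tree copy under `src/go-ad-auth` means module tooling no longer tracks this library, so upstream fixes to the authentication code will not show up through `go list -m -u` or a dependency scanner. Record the origin next to the code, for example a short header in `src/go-ad-auth/README.md` naming the upstream repository, the version the copy was taken from (apparently v2.2.0), and the local changes (the `SkipVerify` field and the `tlscfg` handling in `conn.go`). The newly required `github.com/smartystreets/goconvey v1.6.4 // indirect` looks like a test-only dependency; confirm it is needed.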
diff --git a/go.sum b/go.sum
index 14dfb38..e903919 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,19 @@ -github.com/korylprince/go-ad-auth v2.2.0+incompatible h1:g/vTHSQfe2y0D9LATowYJwj735wLjD+pBS9fN7Ady70= -github.com/korylprince/go-ad-auth v2.2.0+incompatible/go.mod h1:mMfgOVgAwVJiM4rureWH1QSktKw9tEe0dAbT7ObIzfM= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM= gopkg.in/asn1-ber.v1 
v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= gopkg.in/ini.v1 v1.52.0 h1:j+Lt/M1oPPejkniCg1TkWE2J3Eh1oZTsHSXzMTzUXn4= diff --git a/src/adradius/adradius.go b/src/adradius/adradius.go index 3da7e1b..741736b 100644 --- a/src/adradius/adradius.go +++ b/src/adradius/adradius.go @@ -4,7 +4,7 @@ import ( "log" "git.paulbsd.com/paulbsd/adradius/src/config" - auth "github.com/korylprince/go-ad-auth" + auth "git.paulbsd.com/paulbsd/adradius/src/go-ad-auth" "layeh.com/radius" "layeh.com/radius/rfc2865" ) @@ -20,18 +20,21 @@ func SetADRadiusConfig(c *config.Config) (ldapconfig *auth.Config, err error) { } ldapconfig = &auth.Config{ - Server: c.Server, - Port: c.Port, - BaseDN: c.BaseDN, - Security: security, + Server: c.Server, + Port: c.Port, + BaseDN: c.BaseDN, + Security: security, + SkipVerify: c.SkipVerify, } + ldapconfig.Connect() + return } // ADauth process authentication to Active Directory -func ADauth(config *auth.Config, username string, password string) (status bool, err error) { - status, err = auth.Authenticate(config, username, password) +func ADauth(ldapconfig *auth.Config, username string, password string) (status bool, err error) { + status, err = auth.Authenticate(ldapconfig, username, password) if err != nil { return } diff --git a/src/config/main.go b/src/config/main.go index 7b345a7..84581ce 100644 --- a/src/config/main.go +++ b/src/config/main.go @@ -3,8 +3,8 @@ package config import ( "flag" + auth "git.paulbsd.com/paulbsd/adradius/src/go-ad-auth" "git.paulbsd.com/paulbsd/adradius/utils" - auth "github.com/korylprince/go-ad-auth" "gopkg.in/ini.v1" ) @@ -27,6 +27,7 @@ func (c *Config) GetConfig() (err error) { c.TLS = adradiusSection.Key("tls").MustBool() c.Listen = adradiusSection.Key("listen").MustString(":1812") c.Secret = adradiusSection.Key("secret").MustString("secret") + c.SkipVerify = adradiusSection.Key("skipverify").MustBool() if err != nil { return 
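Review bot: The added `ldapconfig.Connect()` in SetADRadiusConfig discards both return values. A failed connection, including a TLS verification failure, is therefore silently ignored, and a successful one leaves an open LDAP connection that is never closed. If the call is meant as a start-up connectivity check, propagate the error through the function's named `err` result and close the connection before returning. The start of SetADRadiusConfig lies outside the hunk.

```go
	// … unchanged: ldapconfig = &auth.Config{ … } …

	conn, err := ldapconfig.Connect()
	if err != nil {
		return nil, err
	}
	conn.Conn.Close()

	return
```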
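Review bot: The new `skipverify` key read in GetConfig (second hunk of `src/config/main.go`) turns off certificate validation for the LDAP TLS connection that carries user passwords, but nothing at the read site tells an operator that. Add a comment above the line such as `// skipverify disables LDAP server certificate validation; keep false unless testing against a self-signed server`, and make the safe default explicit with `c.SkipVerify = adradiusSection.Key("skipverify").MustBool(false)`. The same comment belongs on the `SkipVerify bool` field added to the `Config` struct in the following hunk. GetConfig starts and ends outside the hunk.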
@@ -45,4 +46,5 @@ type Config struct { Listen string Secret string Security auth.SecurityType + SkipVerify bool } diff --git a/vendor/github.com/korylprince/go-ad-auth/LICENSE b/src/go-ad-auth/LICENSE similarity index 100% rename from vendor/github.com/korylprince/go-ad-auth/LICENSE rename to src/go-ad-auth/LICENSE diff --git a/vendor/github.com/korylprince/go-ad-auth/README.md b/src/go-ad-auth/README.md similarity index 100% rename from vendor/github.com/korylprince/go-ad-auth/README.md rename to src/go-ad-auth/README.md diff --git a/vendor/github.com/korylprince/go-ad-auth/auth.go b/src/go-ad-auth/auth.go similarity index 100% rename from vendor/github.com/korylprince/go-ad-auth/auth.go rename to src/go-ad-auth/auth.go diff --git a/vendor/github.com/korylprince/go-ad-auth/config.go b/src/go-ad-auth/config.go similarity index 92% rename from vendor/github.com/korylprince/go-ad-auth/config.go rename to src/go-ad-auth/config.go index c4133ff..c5c15f7 100644 --- a/vendor/github.com/korylprince/go-ad-auth/config.go +++ b/src/go-ad-auth/config.go @@ -19,10 +19,11 @@ const ( //Config contains settings for connecting to an Active Directory server. type Config struct { - Server string - Port int - BaseDN string - Security SecurityType + Server string + Port int + BaseDN string + Security SecurityType + SkipVerify bool } //Domain returns the domain derived from BaseDN or an error if misconfigured. diff --git a/vendor/github.com/korylprince/go-ad-auth/conn.go b/src/go-ad-auth/conn.go similarity index 93% rename from vendor/github.com/korylprince/go-ad-auth/conn.go rename to src/go-ad-auth/conn.go index 26ebbb1..8bb38ef 100644 --- a/vendor/github.com/korylprince/go-ad-auth/conn.go +++ b/src/go-ad-auth/conn.go 
@@ -16,6 +16,12 @@ type Conn struct { //Connect returns an open connection to an Active Directory server or an error if one occurred. func (c *Config) Connect() (*Conn, error) { + + tlscfg := &tls.Config{ServerName: c.Server} + if c.SkipVerify { + tlscfg.InsecureSkipVerify = true + } + switch c.Security { case SecurityNone: conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port)) @@ -24,7 +30,7 @@ func (c *Config) Connect() (*Conn, error) { } return &Conn{Conn: conn, Config: c}, nil case SecurityTLS: - conn, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port), &tls.Config{ServerName: c.Server}) + conn, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", c.Server, c.Port), tlscfg) if err != nil { return nil, fmt.Errorf("Connection error: %v", err) } diff --git a/vendor/github.com/korylprince/go-ad-auth/group.go b/src/go-ad-auth/group.go similarity index 100% rename from vendor/github.com/korylprince/go-ad-auth/group.go rename to src/go-ad-auth/group.go diff --git a/vendor/github.com/korylprince/go-ad-auth/passwd.go b/src/go-ad-auth/passwd.go similarity index 100% rename from vendor/github.com/korylprince/go-ad-auth/passwd.go rename to src/go-ad-auth/passwd.go diff --git a/vendor/github.com/korylprince/go-ad-auth/search.go b/src/go-ad-auth/search.go similarity index 100% rename from vendor/github.com/korylprince/go-ad-auth/search.go rename to src/go-ad-auth/search.go diff --git a/vendor/github.com/korylprince/go-ad-auth/.gitignore b/vendor/github.com/korylprince/go-ad-auth/.gitignore deleted file mode 100644 index a0bbe17..0000000 --- a/vendor/github.com/korylprince/go-ad-auth/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.swp -.env -tags diff --git a/vendor/modules.txt b/vendor/modules.txt index 02705a9..385bf2b 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
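Review bot: With `SkipVerify` set, Connect accepts any certificate the LDAP endpoint presents, so the bind credentials sent over that connection are no longer protected against an impersonated server. For directories signed by a private CA, a safer option is to let the config supply a CA bundle and set `RootCAs` on the `tls.Config` while keeping verification on. `tlscfg` is only handed to `ldap.DialTLS` in the `SecurityTLS` case of the second hunk; if the switch has further TLS branches outside the visible lines (a StartTLS case, for example), they presumably still build their own `tls.Config` and would ignore the flag, which is worth checking. The four added lines can also be written as one: `tlscfg := &tls.Config{ServerName: c.Server, InsecureSkipVerify: c.SkipVerify}`. Connect's body continues past both hunks.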
@@ -1,5 +1,3 @@ -# github.com/korylprince/go-ad-auth v2.2.0+incompatible -github.com/korylprince/go-ad-auth # golang.org/x/text v0.3.2 golang.org/x/text/encoding golang.org/x/text/encoding/internal