Use Go 1.22 and update dependencies
default
tip
2 months ago, aklitzing
f33f223bc8fe
Use Go 1.22 and update dependencies
Reviewed at https://reviews.imfreedom.org/r/2949/
package
access
import
(
"encoding/json"
"fmt"
"os"
"github.com/go-ldap/ldap/v3"
"go.uber.org/zap"
)
// LdapConfig holds the settings used to look up the owner of an SSH public
// key in an LDAP directory. It is decoded from a JSON file by
// refreshLdapConfig.
type LdapConfig struct {
	// Username is the bind DN passed to Bind or UnauthenticatedBind.
	Username string `json:"username"`

	// Password is the bind password, stored as plain text in the JSON file,
	// so that file should be readable only by the service account. An empty
	// value makes bind fall back to an unauthenticated bind.
	Password string `json:"password"`

	// Address is handed unchanged to ldap.DialURL.
	Address string `json:"address"`

	// BaseDN is the root of the whole-subtree search.
	BaseDN string `json:"baseDN"`

	// Filter is a fmt format string; the public key is substituted into it
	// with fmt.Sprintf to form the LDAP search filter.
	Filter string `json:"filter"`

	// Attribute names the single attribute requested from the directory and
	// returned as the lookup result.
	Attribute string `json:"attribute"`
}
// ldapCfg is the active LDAP configuration. It stays nil until
// refreshLdapConfig loads one; searchLdapPubkey treats nil as "LDAP lookup
// disabled" and returns an empty result.
//
// NOTE(review): no lock guards this pointer in the code shown here; confirm
// that refreshes and lookups cannot run concurrently.
var ldapCfg *LdapConfig
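// refreshLdapConfig loads the LDAP configuration from the JSON file at path
// and installs it as the active configuration.
//
// An empty path is a no-op and leaves the current configuration untouched.
// Any read or decode error is returned and the current configuration is left
// exactly as it was.
func refreshLdapConfig(path string) error {
	if path == "" {
		return nil
	}

	// os.ReadFile already reports a missing or unreadable file, so a separate
	// os.Stat beforehand adds nothing but a window between check and use.
	data, err := os.ReadFile(path)
	if err != nil {
		return err
	}

	// Decode into a fresh pointer rather than into the live ldapCfg. Decoding
	// into the live struct would keep old field values for keys that were
	// removed from the file (for example a deleted "password") and could
	// leave a half-updated configuration behind when decoding fails midway.
	// A JSON null still yields a nil pointer, which disables LDAP lookups.
	var cfg *LdapConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return err
	}

	ldapCfg = cfg
	return nil
}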
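// searchLdapPubkey returns the configured attribute of the single LDAP entry
// that matches pubkey, or "" when LDAP is not configured, the directory cannot
// be reached, the bind fails, or the search does not yield exactly one entry.
//
// Failures are logged as warnings and never returned, so a caller cannot tell
// "no such key" apart from "directory unavailable"; both produce "".
func searchLdapPubkey(pubkey string) string {
	if ldapCfg == nil {
		return ""
	}

	// Transport security is decided entirely by the scheme in Address; this
	// function does not upgrade the connection itself.
	// NOTE(review): with a plain ldap:// address the bind password would
	// cross the network unencrypted; confirm deployments use ldaps://.
	connection, err := ldap.DialURL(ldapCfg.Address)
	if err != nil {
		zap.S().Warn(err)
		return ""
	}
	defer connection.Close()

	// Reuse err instead of declaring a new one in an inner scope: a shadowed
	// variable here would hide the bind/search failure and log nil instead.
	result, err := bindAndSearch(connection, pubkey)
	if err != nil {
		zap.S().Warn(err)
		return ""
	}

	return result
}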
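// bindAndSearch binds on connection with the configured credentials and
// searches the whole subtree under BaseDN for the entry matching pubkey.
//
// It returns the value of the configured attribute when exactly one entry
// matches. A failed bind, a failed search, or any other number of matches
// returns "" and an error.
//
// The caller must have checked that ldapCfg is non-nil.
func bindAndSearch(connection *ldap.Conn, pubkey string) (string, error) {
	if err := bind(connection); err != nil {
		return "", err
	}

	// pubkey originates outside this package, so escape LDAP filter
	// metacharacters ('(', ')', '*', '\\', NUL) before it is substituted into
	// the configured filter template. Unescaped, a crafted value could change
	// the structure of the filter and match an entry it should not.
	filter := fmt.Sprintf(ldapCfg.Filter, ldap.EscapeFilter(pubkey))

	request := ldap.NewSearchRequest(
		ldapCfg.BaseDN,
		ldap.ScopeWholeSubtree,
		ldap.NeverDerefAliases,
		0,     // no size limit
		0,     // no time limit
		false, // return attribute values, not only attribute names
		filter,
		[]string{ldapCfg.Attribute},
		nil,
	)

	result, err := connection.Search(request)
	if err != nil {
		return "", err
	}

	// Require an unambiguous match: zero hits means the key is unknown, and
	// several hits would make the key-to-user mapping ambiguous.
	if len(result.Entries) != 1 {
		return "", fmt.Errorf("cannot find unique user for: %s", pubkey)
	}

	return result.Entries[0].GetAttributeValue(ldapCfg.Attribute), nil
}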
// bind authenticates connection using the credentials in ldapCfg.
//
// With a non-empty Password it performs a simple bind as Username. With an
// empty Password it performs an unauthenticated bind, which supplies
// Username without proving control of it.
//
// NOTE(review): an accidentally blank "password" in the config therefore
// downgrades to an unauthenticated bind without any warning; confirm that
// this is intended for the target directory.
func bind(connection *ldap.Conn) error {
	user, secret := ldapCfg.Username, ldapCfg.Password

	if secret != "" {
		return connection.Bind(user, secret)
	}

	return connection.UnauthenticatedBind(user)
}