
Merge pull request #192 from DerDackel/ldapssl

Add LDAP over SSL support
Lunny Xiao 10 rokov pred
rodič
commit
7869cfccb9

+ 26 - 0
conf/etc/supervisord.conf

@@ -0,0 +1,26 @@
+[unix_http_server]
+file=/tmp/supervisor.sock                       ; path to your socket file
+
+[supervisord]
+logfile=log/supervisord.log                    ; supervisord log file
+logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
+logfile_backups=10                              ; number of backed up logfiles
+loglevel=warn                                   ; info, debug, warn, trace
+pidfile=/tmp/supervisord.pid                    ; pidfile location
+nodaemon=false                                  ; run supervisord as a daemon
+minfds=1024                                     ; number of startup file descriptors
+minprocs=200                                    ; number of process descriptors
+user=root                                       ; default user
+childlogdir=log
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock           ; use a unix:// URL  for a unix socket
+
+[program:gogs]
+command = /root/Developer/gopath/src/github.com/gogits/gogs/start.sh	; here must be the real url, not ~ or $GOROOT like
+autostart = true
+stdout_logfile = log/supervisor-gogs-stderr.log
+stderr_logfile = log/supervisor-gogs-error.log
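Review bot: `user=root` in `[supervisord]` combined with a `[program:gogs]` section that sets no `user=` means the Gogs start script inherits root, which is far more privilege than a Git web service needs. A dedicated unprivileged account would be safer, for example `user=git` (an illustrative name) on the program section. The socket and pidfile are both placed in world-writable `/tmp`, where another local user can create those names first; a runtime directory writable only by the service account avoids that. Separately, `stdout_logfile` points at `log/supervisor-gogs-stderr.log`, which looks like a naming slip for the stdout log.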

+ 42 - 0
gogs_supervisord.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+
+echo 'plase remember to modify the command path in etc/conf/supervisord.conf(line 23)'
+
+PID="/tmp/supervisord.pid"
+CONF="conf/etc/supervisord.conf"
+
+LOGDIR="log"  
+if [ ! -d $LOGDIR ]; then  
+    mkdir $LOGDIR
+fi
+
+stop() {
+    if [ -f $PID ]; then
+        kill `cat -- $PID`
+        rm -f -- $PID
+        echo "stopped"
+    fi
+}
+
+start() {
+    echo "starting"
+    if [ ! -f $PID ]; then
+        supervisord -c $CONF
+        echo "started"
+    fi
+}
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    restart)
+        stop
+        start
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart}"
+esac
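Review bot: `stop` passes whatever `/tmp/supervisord.pid` contains straight to `kill`, and because `/tmp` is world-writable and the accompanying config runs supervisord as root, a stale or foreign pidfile makes this signal an unrelated process. Keep the pidfile in a directory only the service account can write, quote the expansions as in `kill "$(cat -- "$PID")"` and `supervisord -c "$CONF"`, and confirm the PID still belongs to supervisord before signalling. `restart` calls `start` immediately after `kill` without waiting for the old process to exit, so the new instance can race it for the socket. The opening `echo` misspells "please" and names `etc/conf/supervisord.conf`, while `CONF` is `conf/etc/supervisord.conf`.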

+ 2 - 0
modules/auth/authentication.go

@@ -21,6 +21,7 @@ type AuthenticationForm struct {
 	Domain            string `form:"domain"`
 	Host              string `form:"host"`
 	Port              int    `form:"port"`
+	UseSSL            bool   `form:"usessl"`
 	BaseDN            string `form:"base_dn"`
 	Attributes        string `form:"attributes"`
 	Filter            string `form:"filter"`
@@ -39,6 +40,7 @@ func (f *AuthenticationForm) Name(field string) string {
 		"Domain":     "Domain name",
 		"Host":       "Host address",
 		"Port":       "Port Number",
+		"UseSSL":     "Use SSL",
 		"BaseDN":     "Base DN",
 		"Attributes": "Search attributes",
 		"Filter":     "Search filter",

+ 13 - 3
modules/auth/ldap/ldap.go

@@ -18,6 +18,7 @@ type Ldapsource struct {
 	Name         string // canonical name (ie. corporate.ad)
 	Host         string // LDAP host
 	Port         int    // port number
+	UseSSL       bool   // Use SSL
 	BaseDN       string // Base DN
 	Attributes   string // Attribut to search
 	Filter       string // Query filter to validate entry
@@ -31,8 +32,8 @@ var (
 )
 
 // Add a new source (LDAP directory) to the global pool
-func AddSource(name string, host string, port int, basedn string, attributes string, filter string, msadsaformat string) {
-	ldaphost := Ldapsource{name, host, port, basedn, attributes, filter, msadsaformat, true}
+func AddSource(name string, host string, port int, usessl bool, basedn string, attributes string, filter string, msadsaformat string) {
+	ldaphost := Ldapsource{name, host, port, usessl, basedn, attributes, filter, msadsaformat, true}
 	Authensource = append(Authensource, ldaphost)
 }
 
@@ -52,7 +53,8 @@ func LoginUser(name, passwd string) (a string, r bool) {
 
 // searchEntry : search an LDAP source if an entry (name, passwd) is valide and in the specific filter
 func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
-	l, err := goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	l, err := ldapDial(ls)
+
 	if err != nil {
 		log.Debug("LDAP Connect error, disabled source %s", ls.Host)
 		ls.Enabled = false
@@ -85,3 +87,11 @@ func (ls Ldapsource) SearchEntry(name, passwd string) (string, bool) {
 	}
 	return "", true
 }
+
+func ldapDial(ls Ldapsource) (*goldap.Conn, error) {
+	if ls.UseSSL {
+		return goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), nil)
+	} else {
+		return goldap.Dial("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port))
+	}
+}
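Review bot: `ldapDial` passes `nil` as the TLS config to `goldap.DialTLS`, so certificate and hostname verification depend entirely on how that library treats a nil config, which is not visible here. It also leaves no way to trust a private CA or to state the expected server name. Passing an explicit config, e.g. `goldap.DialTLS("tcp", addr, &tls.Config{ServerName: ls.Host})` (needs `crypto/tls` imported), makes the verification target explicit and gives a place to add `RootCAs` later. The address is built twice with `fmt.Sprintf("%s:%d", ...)`, which mis-formats IPv6 literals; computing `addr := net.JoinHostPort(ls.Host, strconv.Itoa(ls.Port))` once covers both branches, and the `else` after `return` can be dropped. In the `AddSource` hunk the unkeyed `Ldapsource{...}` literal now relies on exact field order, so a keyed literal would be less fragile.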

+ 2 - 1
modules/base/conf.go

@@ -200,11 +200,12 @@ func newLdapService() {
 			ldapname := Cfg.MustValue(v, "name", v)
 			ldaphost := Cfg.MustValue(v, "host")
 			ldapport := Cfg.MustInt(v, "port", 389)
+			ldapusessl := Cfg.MustBool(v, "usessl", false)
 			ldapbasedn := Cfg.MustValue(v, "basedn", "dc=*,dc=*")
 			ldapattribute := Cfg.MustValue(v, "attribute", "mail")
 			ldapfilter := Cfg.MustValue(v, "filter", "(*)")
 			ldapmsadsaformat := Cfg.MustValue(v, "MSADSAFORMAT", "%s")
-			ldap.AddSource(ldapname, ldaphost, ldapport, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
+			ldap.AddSource(ldapname, ldaphost, ldapport, ldapusessl, ldapbasedn, ldapattribute, ldapfilter, ldapmsadsaformat)
 			nbsrc++
 			log.Debug("%s added as LDAP source", ldapname)
 		}
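Review bot: `ldapport` still defaults to 389 when `usessl` is true, so a source configured with only `usessl = true` would attempt a TLS handshake against the plaintext LDAP port instead of the conventional LDAPS port 636. Reading `usessl` first and deriving the default from it avoids that, e.g. `defport := 389; if ldapusessl { defport = 636 }` followed by `Cfg.MustInt(v, "port", defport)`. With `usessl` defaulting to `false`, existing sources keep binding over plaintext TCP, which is worth stating in the sample configuration. `newLdapService` begins and ends outside this hunk.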

+ 2 - 0
routers/admin/auths.go

@@ -44,6 +44,7 @@ func NewAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 			Ldapsource: ldap.Ldapsource{
 				Host:         form.Host,
 				Port:         form.Port,
+				UseSSL:       form.UseSSL,
 				BaseDN:       form.BaseDN,
 				Attributes:   form.Attributes,
 				Filter:       form.Filter,
@@ -121,6 +122,7 @@ func EditAuthSourcePost(ctx *middleware.Context, form auth.AuthenticationForm) {
 			Ldapsource: ldap.Ldapsource{
 				Host:         form.Host,
 				Port:         form.Port,
+				UseSSL:       form.UseSSL,
 				BaseDN:       form.BaseDN,
 				Attributes:   form.Attributes,
 				Filter:       form.Filter,

+ 9 - 1
templates/admin/auths/edit.tmpl

@@ -53,6 +53,14 @@
                         </div>
                     </div>
 
+                    <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                         <label class="col-md-3 control-label">Use SSL: </label>
+                         <div class="col-md-7">
+                              <input name="usessl" class="form-control" type="checkbox" {{if .Source.LDAP.UseSSL}}checked{{end}}>
+                         </div>
+                    </div>
+
+
                     <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                         <label class="col-md-3 control-label">Base DN: </label>
                         <div class="col-md-7">
@@ -150,4 +158,4 @@
 
     </div>
 </div>
-{{template "base/footer" .}}
+{{template "base/footer" .}}

+ 8 - 1
templates/admin/auths/new.tmpl

@@ -51,6 +51,13 @@
                             </div>
                         </div>
 
+                        <div class="form-group {{if .Err_UseSSL}}has-error has-feedback{{end}}">
+                             <label class="col-md-3 control-label">Use SSL: </label>
+                             <div class="col-md-7">
+                                  <input name="usessl" class="form-control" type="checkbox" {{if .usessl}}checked{{end}}>
+                             </div>
+                        </div>
+
                         <div class="form-group {{if .Err_BaseDN}}has-error has-feedback{{end}}">
                             <label class="col-md-3 control-label">Base DN: </label>
                             <div class="col-md-7">
@@ -158,4 +165,4 @@
         });
     });
 </script>
-{{template "base/footer" .}}
+{{template "base/footer" .}}