outposts/ldap: use forked version of ldap library

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-29 20:26:14 +02:00
parent b55cb2b40c
commit e7b498e8b4
8 changed files with 27 additions and 12 deletions

View file

@ -16,6 +16,7 @@ require (
github.com/go-openapi/validate v0.20.2
github.com/go-redis/redis/v7 v7.4.0 // indirect
github.com/go-swagger/go-swagger v0.27.0 // indirect
github.com/goauthentik/ldap v0.0.0-20210429185144-85625dd05305 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/gorilla/websocket v1.4.2
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
@ -24,7 +25,6 @@ require (
github.com/magiconair/properties v1.8.5 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 // indirect
github.com/nmcclain/ldap v0.0.0-20191021200707-3b3b69a7e9e3
github.com/oauth2-proxy/oauth2-proxy v0.0.0-20200831161845-e4e5580852dc
github.com/pelletier/go-toml v1.9.0 // indirect
github.com/pkg/errors v0.9.1

View file

@ -262,6 +262,10 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
github.com/go-swagger/go-swagger v0.27.0 h1:K7+nkBuf4oS1jTBrdvWqYFpqD69V5CN8HamZzCDDhAI=
github.com/go-swagger/go-swagger v0.27.0/go.mod h1:WodZVysInJilkW7e6IRw+dZGp5yW6rlMFZ4cb+THl9A=
github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0=
github.com/goauthentik/ldap v0.0.0-20191021200707-3b3b69a7e9e3 h1:KQTKvQ6kc4FR5TBrtXqWOiguWRfdgeF78fryWadJWhk=
github.com/goauthentik/ldap v0.0.0-20191021200707-3b3b69a7e9e3/go.mod h1:CHV/6IPAy1W7K0UmTFp5cvr0cywMc0AUpD34fcmSXqM=
github.com/goauthentik/ldap v0.0.0-20210429185144-85625dd05305 h1:L7wiuRMudhGOTqA27d/cZWBJNZuDxwhhOKM9/Xj9MK4=
github.com/goauthentik/ldap v0.0.0-20210429185144-85625dd05305/go.mod h1:5Aek6cM0R+tYrhZh1BVX12a6NPFYPAlB8udRmWhhg6s=
github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
@ -505,8 +509,6 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWb
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 h1:D9EvfGQvlkKaDr2CRKN++7HbSXbefUNDrPq60T+g24s=
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484/go.mod h1:O1EljZ+oHprtxDDPHiMWVo/5dBT6PlvWX5PSwj80aBA=
github.com/nmcclain/ldap v0.0.0-20191021200707-3b3b69a7e9e3 h1:NNis9uuNpG5h97Dvxxo53Scg02qBg+3Nfabg6zjFGu8=
github.com/nmcclain/ldap v0.0.0-20191021200707-3b3b69a7e9e3/go.mod h1:YtrVB1/v9Td9SyjXpjYVmbdKgj9B0nPTBsdGUxy0i8U=
github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/oauth2-proxy/oauth2-proxy v0.0.0-20200831161845-e4e5580852dc h1:jf/4meI7lkRwGoiD7Ex/ns0BekEPKZ8nsB3u2oLhLGM=

View file

@ -1,17 +1,18 @@
package ldap
import (
"context"
"net"
"github.com/nmcclain/ldap"
"github.com/goauthentik/ldap"
)
func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn, ctx context.Context) (ldap.LDAPResultCode, error) {
ls.log.WithField("boundDN", bindDN).Info("bind")
for _, instance := range ls.providers {
username, err := instance.getUsername(bindDN)
if err == nil {
return instance.Bind(username, bindPW, conn)
return instance.Bind(username, bindPW, conn, ctx)
}
}
ls.log.WithField("boundDN", bindDN).WithField("request", "bind").Warning("No provider found for request")

View file

@ -11,11 +11,13 @@ import (
goldap "github.com/go-ldap/ldap/v3"
httptransport "github.com/go-openapi/runtime/client"
"github.com/nmcclain/ldap"
"github.com/goauthentik/ldap"
"goauthentik.io/outpost/pkg/client/core"
"goauthentik.io/outpost/pkg/client/flows"
)
const ContextUserKey = "ak_user"
type UIDResponse struct {
UIDFIeld string `json:"uid_field"`
}
@ -42,7 +44,7 @@ func (pi *ProviderInstance) getUsername(dn string) (string, error) {
return "", errors.New("failed to find dn")
}
func (pi *ProviderInstance) Bind(username string, bindPW string, conn net.Conn) (ldap.LDAPResultCode, error) {
func (pi *ProviderInstance) Bind(username string, bindPW string, conn net.Conn, ctx context.Context) (ldap.LDAPResultCode, error) {
jar, err := cookiejar.New(nil)
if err != nil {
pi.log.WithError(err).Warning("Failed to create cookiejar")
@ -73,6 +75,16 @@ func (pi *ProviderInstance) Bind(username string, bindPW string, conn net.Conn)
return ldap.LDAPResultOperationsError, nil
}
pi.log.WithField("boundDN", username).Info("User has access")
// Get user info to store in context
userInfo, err := pi.s.ac.Client.Core.CoreUsersMe(&core.CoreUsersMeParams{
Context: ctx,
HTTPClient: client,
}, httptransport.PassThroughAuth)
if err != nil {
pi.log.WithField("boundDN", username).WithError(err).Warning("failed to get user info")
return ldap.LDAPResultOperationsError, nil
}
ctx = context.WithValue(ctx, ContextUserKey, userInfo.Payload.User)
return ldap.LDAPResultSuccess, nil
}

View file

@ -6,7 +6,7 @@ import (
"strconv"
"strings"
"github.com/nmcclain/ldap"
"github.com/goauthentik/ldap"
"goauthentik.io/outpost/pkg/client/core"
)

View file

@ -4,7 +4,7 @@ import (
log "github.com/sirupsen/logrus"
"goauthentik.io/outpost/pkg/ak"
"github.com/nmcclain/ldap"
"github.com/goauthentik/ldap"
)
const GroupObjectClass = "group"

View file

@ -5,7 +5,7 @@ import (
"net"
goldap "github.com/go-ldap/ldap/v3"
"github.com/nmcclain/ldap"
"github.com/goauthentik/ldap"
)
func (ls *LDAPServer) Search(boundDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {

View file

@ -3,7 +3,7 @@ package ldap
import (
"fmt"
"github.com/nmcclain/ldap"
"github.com/goauthentik/ldap"
"goauthentik.io/outpost/pkg/models"
)