| 1 |
commit: 15ba64574f1bc3e00334c945ca49092eaa07276a |
| 2 |
Author: Manuel Rüger <mrueg <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Jul 16 13:14:16 2017 +0000 |
| 4 |
Commit: Manuel Rüger <mrueg <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jul 16 13:15:13 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15ba6457 |
| 7 |
|
| 8 |
sys-auth/docker_auth: Update snapshot |
| 9 |
|
| 10 |
Package-Manager: Portage-2.3.6, Repoman-2.3.2 |
| 11 |
|
| 12 |
sys-auth/docker_auth/Manifest | 5 + |
| 13 |
.../docker_auth/docker_auth-1.2.1_p20170711.ebuild | 77 +++++ |
| 14 |
.../files/docker_auth-ldap-group-support.patch | 363 +++++++++++++++++++++ |
| 15 |
3 files changed, 445 insertions(+) |
| 16 |
|
| 17 |
diff --git a/sys-auth/docker_auth/Manifest b/sys-auth/docker_auth/Manifest |
| 18 |
index b392b14246d..f5f2b7db1bd 100644 |
| 19 |
--- a/sys-auth/docker_auth/Manifest |
| 20 |
+++ b/sys-auth/docker_auth/Manifest |
| 21 |
@@ -1,8 +1,11 @@ |
| 22 |
DIST docker_auth-1.2.1.tar.gz 40378 SHA256 8134310d34a2cb8dc1b2b843e8617eba508659133453b272d66459dc251a91f2 SHA512 07fb139ccf8bd0e39541144bc320985f9865d1d710c8b5c5941d0ff6f6a9381d454522eadd44af9162e8d4b98b6c69926067b9439363e5ab104e67c1ae41f2b5 WHIRLPOOL 2b1c5a9e9120694641ae019c244ce097abb9f51fb34a25b2ee486674bc19dee1e24d26f5a8a922ad741971b4f60b13751b34565056603dd9b11095eac60bcd8b |
| 23 |
+DIST docker_auth-1.2.1_p20170711.tar.gz 40378 SHA256 8134310d34a2cb8dc1b2b843e8617eba508659133453b272d66459dc251a91f2 SHA512 07fb139ccf8bd0e39541144bc320985f9865d1d710c8b5c5941d0ff6f6a9381d454522eadd44af9162e8d4b98b6c69926067b9439363e5ab104e67c1ae41f2b5 WHIRLPOOL 2b1c5a9e9120694641ae019c244ce097abb9f51fb34a25b2ee486674bc19dee1e24d26f5a8a922ad741971b4f60b13751b34565056603dd9b11095eac60bcd8b |
| 24 |
DIST github.com-cesanta-glog-22eb27a0ae192b290b25537b8e876556fc25129c.tar.gz 20273 SHA256 9960f3d916d6dba8e745cccc6fdef3982f57b6034321cb29d2df8c7ddb2d41d0 SHA512 3c4b757fc0d0e45382b1ef0180eea2f0429e8c7ecac0089fca79bc717f6c0a04918b91a144ca78331178cc914b808b40596c6a6e214157d2f812858be31c13d6 WHIRLPOOL f4d4abff55e1704d53efb52072405199e6d10b72aaf4abe5b9fe0b2255014da311f3f5d95ba69d1e4faed74511d0641658562eb46ae6279a417b4ac40dc92971 |
| 25 |
DIST github.com-dchest-uniuri-8902c56451e9b58ff940bbe5fec35d5f9c04584a.tar.gz 2471 SHA256 f0e76f66c27b485fb8fd76ed0da635bf34751714487a16931f07bf1b1986b30f SHA512 70421b526e3040a49e63be6c892de2953b4f9ecdb01b148eb2bab3814f610a8c39bd98aad858cbaf9dcf621b52ee9ef952f0cdcdc6eca77da8ebf80dbbf1c04c WHIRLPOOL 63b97e4c3aa3b0275d3e2cd8f4fcdc523da62abba89b177c4f2a228bd7237fe719804e24616c082a41a2fef421ec3ed86be399cc207265675931a1e4cb73e050 |
| 26 |
+DIST github.com-deckarep-golang-set-3a36ffa8b5bf7cd329c8834c6b743d6930dad12f.tar.gz 12556 SHA256 0a40212b47dab5aef266a4af14c84e96c3ed8a16eb6920168091192ed6f0cd33 SHA512 99403278805067a6f4d831f664e58b6bea510f2b51db3c1335f4b09a1dbb3b0ef886d7150faf48c7fba1f1c29f17f335b6a8af4b35e3dfe8be07daa8510adfe8 WHIRLPOOL 9326c0f9c1a0d72db28bb6678bd5d1ba0dc18979e1b67d9034890f5aea0440de7f65d054226cbd1234a8ac572ac832bc03e6fa221ec830a134b1b5e7f5a50d86 |
| 27 |
DIST github.com-deckarep-golang-set-da5f92821c31f5f1e2fe1a768c8b6052278532f2.tar.gz 11803 SHA256 13769b15f251990919c888fa63d08b901c4609a691833ae902fd2c8f71368ea9 SHA512 725882a828be7a76b403c40b818da91039c9654a27e1b1f25219ed382cfc36cafb0c03e651a4f5ea80e90de4bf0fdb58d826dfc2b3d2c28a40882f7d0064ee45 WHIRLPOOL a1326a564d0ea98397672b4567cf73cc756fe8aa7447544bfdb5aef1ac13890a876253a19bdd1617fce628710d89f701c028b347dd734f06a722344eaee1dfa7 |
| 28 |
DIST github.com-docker-distribution-a40abc69f2ecea20dd7944537a119c2ce2b3f957.tar.gz 1744995 SHA256 64ce52b56f3d088d621db6dcbfbae95cee124a53175029286a1cb420bc5ec9f0 SHA512 223d36f74d35257c6e916c4b05e5f81efb3ffdfa0c01077307926e2cfa66e26e897ec718e00599a71c83e53c17726646476017a3d6a403c2ac797e7f29b0e7a2 WHIRLPOOL fc7d84f4b6e28f39489f8e49addd11babb073332ba1b047c5c040249093f62cff2494b67b0ae8a45c7154480d1fbf8418a058adea568832398009896fba3e104 |
| 29 |
+DIST github.com-docker-distribution-f86db6b22663a27ba4d278220b7e34be528b1e79.tar.gz 1754936 SHA256 ac7440fe991fa0d0616df3d9fb0a3d21be51d891041596e5f037bc0e979a1d60 SHA512 448d991bd9ac90185c65e06f3fbd5e2859f3fe7111d06dd56ecd6abc8a74374f031950d32dee130ab2aceddbd6d39b2f978a25b6879b05f0814521b676b49b2a WHIRLPOOL 5fcf75423b43393737ef15c923aca29f3ec7ac6165511c4ec6c6d9c5fbc6cc2d3b9ce6fba8f111902a685b34bec5cfa2387b7676eb330eaf6ef9aa4beb56c474 |
| 30 |
DIST github.com-docker-libtrust-aabc10ec26b754e797f9028f4589c5b7bd90dc20.tar.gz 39352 SHA256 a3cb5fd53b4eb0ef259f039d0d10e237c8fff86993f9335959cf233956f0c065 SHA512 31d5a613807764c03d3356ee134bf384eca7953d4113e35d8fcce322611c25b444dd07904eb34c86c7e951529040c33fa821a56a687260e9298f900c7907e83b WHIRLPOOL 0b1cd73ba1ca2858324d6bc7f862bb794480d908250b8e05b3b28ff06837420e3b71107d040d3dfdda031cbcb72d0d0a3e934406a06d0e21c9a69708363b8f92 |
| 31 |
DIST github.com-facebookgo-clock-600d898af40aa09a7a93ecb9265d87b0504b6f03.tar.gz 6382 SHA256 363140ddedf035ef012e0b17a35d32210f51b7f160c3fb0e89d08aa83d1870e0 SHA512 023741d93573d53471d1ec10a47c2a0034ecd0e0db35440b50bc7085ddd94e9cd5d0388586a25b060b50a1b9e442d4974a931b3f5d14aa1710629f19ad4acf8f WHIRLPOOL 2dd3fce28c58fb16998449d47433b3e0f726ef74323b116d60c4cfffeb9dac57320602883ab1b620b4ae9099e88f398dc34463f389008e8cfeff457db9b22c5d |
| 32 |
DIST github.com-facebookgo-httpdown-a3b1354551a26449fbe05f5d855937f6e7acbd71.tar.gz 9729 SHA256 c34330738c168a17a7720bd32fb00311005bd8c0d6bb5d6690bb2e73a81386ca SHA512 1958e337e1fd896227dd4a2eb551ffe92ffe12a25acdc422ad14c6234eb5e080a6f537f73175c2246768978803edf5fd9425925880546746e996e51a232bc7bd WHIRLPOOL 2234ea870430e3e35771550add39542f84522f656193f14b794dedca0a4c3a537513d8a6b686265e814d528e3c9139fc125f3584531a24bc3862f724e36b43ce |
| 33 |
@@ -10,7 +13,9 @@ DIST github.com-facebookgo-stats-1b76add642e42c6ffba7211ad7b3939ce654526e.tar.gz |
| 34 |
DIST github.com-fsnotify-fsnotify-4da3e2cfbabc9f751898f250b49f2439785783a1.tar.gz 30624 SHA256 782e83c5384cb2e233b947ffba27c8d067f23fadf38b86f6df779c144425cc36 SHA512 cff467ffbed22edf4cde7a52e0f0d7a5b4a06446a6140ad7fa018dfcce3b400342223d888a0389042d2e6fd7abe261d0e515adc6e4c03a74e3cf074e88af17ab WHIRLPOOL e6cadc7272518d2ecd03e9b208b12500fe6b5bea6c490a22133b8021bd2befc77cce104d29c2ceb01f0b18e0f2eef44321fe61427c2834bc09ced956526c6f36 |
| 35 |
DIST github.com-go-asn1-ber-asn1-ber-b144e4fe15d4968eb8d6e33d70761727d124814e.tar.gz 12224 SHA256 a8eb53081c4b6a2be08ea5a2bb26e2203899f4e00a694beba39cd71517172df1 SHA512 9fe072dfe167c7d51d838e1e0b4751c158e2b340409fb51a5d311ed6fb66b18c2daf27364c67bfc58faa4338206c706cbd13e1d022c6a7a08a2adf0a9fc9e6a6 WHIRLPOOL 80f6d89b810ff38c345ab64829c2311f7d82fc69608ba06fecad87fd412f3e1fc272d03e19d942b67e571fb2a39754e3505849693e5ee56932cfc4f38f4b96ac |
| 36 |
DIST github.com-go-ldap-ldap-13cedcf58a1ea124045dea529a66c849d3444c8e.tar.gz 36378 SHA256 624fa69738c3b768fc39fe68dfc84aee19ec969340396e85ca70ab717d1285d2 SHA512 3d4265b36e77b77357dd4f3f757bcdcb2dd4fc677ec83a33ee125d48ca19431075b0ab8087a4cb7d0a5027b1c2ea6ca516003c81b4d7df55de9c54ec6dc248fa WHIRLPOOL 448cb863e7888dc509e9b7d530b79f65fdd084b1f8c3673deb69fedeaf24e785786d0c7bb0b02816c62bd8b2faa85b7026701aa5de74c241b1fe889909d0b216 |
| 37 |
+DIST github.com-go-ldap-ldap-37f35d7ffc6b8219cc62f5e182e258d143be670b.tar.gz 36443 SHA256 255a6d7180fd4a2ce0ad39af8a3e178cdf4b776c1516ecd1f6f22a4e7af7ffcb SHA512 c8a8c877f03bf4f246aeb1f7c2f17c5a848db970b46a93675263fb9f18ad50e56802fdf3d734185aed9c5f10de0366c906161607ce281a74c316fb57769fb970 WHIRLPOOL 095cd2ca3c745acd6b2b6e3e85fd40b3b6b98dbebf70260c8063e2c275ec40e76f24c1e30cf35105f93da52286c30cb161da39656e400a9f7943774af09f8211 |
| 38 |
DIST github.com-go-mgo-mgo-3f83fa5005286a7fe593b055f0d7771a7dce4655.tar.gz 376880 SHA256 6c97700204a9078a08bb0e67e8519c5f3a8c892b0401244a17bc2c0838410b9f SHA512 f0e7948d4672d29d3d0a741961ff8a75d30c556e157698118a32de10e2af8eb2ae6a61feea1c93aff313596d285a048a70dae7339c66760ebb91a1aecfb05845 WHIRLPOOL b95f88c8c023434b058426d8c8e5e230a1a4b6ba2bd701a0a078bfd774f861fcbff24fd08af6ed067fd3ea168854eec8c15708baf5275cb5c1e9ccce61d738c6 |
| 39 |
+DIST github.com-go-yaml-yaml-3b4ad1db5b2a649883ff3782f5f9f6fb52be71af.tar.gz 61016 SHA256 e986d71ee8566b97b1eebf34b6c6250e816253ac93d66778b3d75af56f7cfd9d SHA512 fe23b0d3df64b5e831c936ce7726555ab204d2896f362de9e201c59d128bcc09c852d664bdb66f881f89a7183eca5dd815312951a87ea92cca5be7e64362957d WHIRLPOOL d71b7649d502ceb6a9163e2dbd99d38f40297bab401b392808d259886f8bf8d2bc5637eec9b8dfb48561839fb0e8223292f3769f85c6b3390a976ad4304fcf54 |
| 40 |
DIST github.com-go-yaml-yaml-cd8b52f8269e0feb286dfeef29f8fe4d5b397e0b.tar.gz 60805 SHA256 11a6ce686bb70ab92020f2dffadc2e024e267a6564a62b0091e2974474c7f88d SHA512 268498022f34c4b59b5b75443ee10fd4273203f4b77bfa11b08a792c004cf13e3010c34b4c15cee2b4e7f3c910648d9897700f60ab00b327d78c49e97497fe2b WHIRLPOOL b2d18dc7354fa6e4819c2b1437e3dce55212fbf6e907361b82bfefc0b2306f12cbf70560c3819e2a81426e538949f05be01c6b8b3f3e53a3aa6daf828e95d537 |
| 41 |
DIST github.com-golang-crypto-5a033cc77e57eca05bdb50522851d29e03569cbe.tar.gz 1333656 SHA256 e1d4738690414c7b30df144586212b1fda58e8a882d1f75b01f48c3261d31701 SHA512 2d063f8319cb41f0f0c1f46fd4086c901f6a02833dc3110c46d2e6098b90f1a2f626bccc5aba6fbbafca2f4e31c20a9ae5c4f3f95a268abf82cbc490d1be70af WHIRLPOOL 313c6daeb98083fb6072432948e89d927fb3c9c73d95bbde9ef2afa19200526b887e724c97a2fdfdd45eb56ff114322d83417763ce7a31797d009cb1fd62312a |
| 42 |
DIST github.com-golang-snappy-553a641470496b2327abcac10b36396bd98e45c9.tar.gz 62076 SHA256 2ddf0f394a8b5a83942ac351cff5c04f936e6bd6e6cecc73ce6145b9bfd4c6e7 SHA512 a324c8a7687e820f6b322930a054d1e7fc4c37bb66a95d473ef2a67fed703de90e8cc3072273ad2f9c681b1cf7ec1acc0ee9dc735ab593e23eea5cde96eea8a6 WHIRLPOOL cd942c31b7b6d084190030383c0342fbb64baada50f93f07d0cb36c412515f3f528301336d6b0f310b34181acc1f2532bad2b6eddfca245ae0d02e1cffee0656 |
| 43 |
|
| 44 |
diff --git a/sys-auth/docker_auth/docker_auth-1.2.1_p20170711.ebuild b/sys-auth/docker_auth/docker_auth-1.2.1_p20170711.ebuild |
| 45 |
new file mode 100644 |
| 46 |
index 00000000000..410f72d2af5 |
| 47 |
--- /dev/null |
| 48 |
+++ b/sys-auth/docker_auth/docker_auth-1.2.1_p20170711.ebuild |
| 49 |
@@ -0,0 +1,77 @@ |
| 50 |
+# Copyright 1999-2017 Gentoo Foundation |
| 51 |
+# Distributed under the terms of the GNU General Public License v2 |
| 52 |
+ |
| 53 |
+EAPI=6 |
| 54 |
+EGO_PN="github.com/cesanta/docker_auth" |
| 55 |
+ |
| 56 |
+EGO_VENDOR=( |
| 57 |
+ "github.com/dchest/uniuri 8902c56451e9b58ff940bbe5fec35d5f9c04584a" |
| 58 |
+ "github.com/deckarep/golang-set 3a36ffa8b5bf7cd329c8834c6b743d6930dad12f" |
| 59 |
+ "github.com/docker/distribution f86db6b22663a27ba4d278220b7e34be528b1e79" |
| 60 |
+ "github.com/docker/libtrust aabc10ec26b754e797f9028f4589c5b7bd90dc20" |
| 61 |
+ "github.com/facebookgo/httpdown a3b1354551a26449fbe05f5d855937f6e7acbd71" |
| 62 |
+ "github.com/facebookgo/clock 600d898af40aa09a7a93ecb9265d87b0504b6f03" |
| 63 |
+ "github.com/facebookgo/stats 1b76add642e42c6ffba7211ad7b3939ce654526e" |
| 64 |
+ "github.com/go-ldap/ldap 37f35d7ffc6b8219cc62f5e182e258d143be670b" |
| 65 |
+ "github.com/cesanta/glog 22eb27a0ae192b290b25537b8e876556fc25129c" |
| 66 |
+ "github.com/syndtr/goleveldb 8c81ea47d4c41a385645e133e15510fc6a2a74b4" |
| 67 |
+ "github.com/golang/snappy 553a641470496b2327abcac10b36396bd98e45c9" |
| 68 |
+ "gopkg.in/asn1-ber.v1 b144e4fe15d4968eb8d6e33d70761727d124814e github.com/go-asn1-ber/asn1-ber" |
| 69 |
+ "gopkg.in/fsnotify.v1 4da3e2cfbabc9f751898f250b49f2439785783a1 github.com/fsnotify/fsnotify" |
| 70 |
+ "gopkg.in/mgo.v2 3f83fa5005286a7fe593b055f0d7771a7dce4655 github.com/go-mgo/mgo" |
| 71 |
+ "gopkg.in/yaml.v2 3b4ad1db5b2a649883ff3782f5f9f6fb52be71af github.com/go-yaml/yaml" |
| 72 |
+ "golang.org/x/crypto 5a033cc77e57eca05bdb50522851d29e03569cbe github.com/golang/crypto" |
| 73 |
+ "golang.org/x/sys 9ccfe848b9db8435a24c424abbc07a921adf1df5 github.com/golang/sys" |
| 74 |
+ ) |
| 75 |
+ |
| 76 |
+inherit user golang-build golang-vcs-snapshot |
| 77 |
+EGIT_COMMIT="d76a69c31cdef1ea1c21b0c675aaeaef6d87594f" |
| 78 |
+SHORT_COMMIT=${EGIT_COMMIT:0:7} |
| 79 |
+SRC_URI="https://${EGO_PN}/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz |
| 80 |
+ ${EGO_VENDOR_URI}" |
| 81 |
+KEYWORDS="~amd64" |
| 82 |
+ |
| 83 |
+DESCRIPTION="Docker Registry 2 authentication server" |
| 84 |
+HOMEPAGE="http://github.com/cesanta/docker_auth" |
| 85 |
+ |
| 86 |
+LICENSE="Apache-2.0" |
| 87 |
+SLOT="0" |
| 88 |
+IUSE="" |
| 89 |
+ |
| 90 |
+RESTRICT="test" |
| 91 |
+ |
| 92 |
+pkg_setup() { |
| 93 |
+ enewgroup ${PN} |
| 94 |
+ enewuser ${PN} -1 -1 /dev/null ${PN} |
| 95 |
+} |
| 96 |
+ |
| 97 |
+src_prepare() { |
| 98 |
+ default |
| 99 |
+ pushd src/${EGO_PN} |
| 100 |
+ eapply "${FILESDIR}/${PN}-ldap-group-support.patch" |
| 101 |
+ cp "${FILESDIR}/version.go" auth_server/version.go || die |
| 102 |
+ sed -i -e "s/{version}/${PV}/" -e "s/{build_id}/${SHORT_COMMIT}/" auth_server/version.go || die |
| 103 |
+ popd || die |
| 104 |
+} |
| 105 |
+ |
| 106 |
+src_compile() { |
| 107 |
+ pushd src/${EGO_PN}/auth_server || die |
| 108 |
+ GOPATH="${WORKDIR}/${P}" go build -o "bin/auth_server" || die |
| 109 |
+ popd || die |
| 110 |
+} |
| 111 |
+ |
| 112 |
+src_install() { |
| 113 |
+ pushd src/${EGO_PN} || die |
| 114 |
+ dodoc README.md docs/Backend_MongoDB.md |
| 115 |
+ insinto /usr/share/${PF} |
| 116 |
+ doins -r examples |
| 117 |
+ insinto /etc/docker_auth/ |
| 118 |
+ newins examples/reference.yml config.yml.example |
| 119 |
+ dobin auth_server/bin/auth_server |
| 120 |
+ popd || die |
| 121 |
+ newinitd "${FILESDIR}"/${PN}.initd ${PN} |
| 122 |
+ newconfd "${FILESDIR}"/${PN}.confd ${PN} |
| 123 |
+ insinto /etc/logrotate.d |
| 124 |
+ newins "${FILESDIR}"/${PN}.logrotated ${PN} |
| 125 |
+ keepdir /var/log/docker_auth |
| 126 |
+} |
| 127 |
|
| 128 |
diff --git a/sys-auth/docker_auth/files/docker_auth-ldap-group-support.patch b/sys-auth/docker_auth/files/docker_auth-ldap-group-support.patch |
| 129 |
new file mode 100644 |
| 130 |
index 00000000000..69858872f49 |
| 131 |
--- /dev/null |
| 132 |
+++ b/sys-auth/docker_auth/files/docker_auth-ldap-group-support.patch |
| 133 |
@@ -0,0 +1,363 @@ |
| 134 |
+From 4a33badac6b74617dfe3797a716a6907cf018b27 Mon Sep 17 00:00:00 2001 |
| 135 |
+From: Kevin <kcd83@××××××××××××××××××××.com> |
| 136 |
+Date: Mon, 27 Feb 2017 19:09:52 +1300 |
| 137 |
+Subject: [PATCH 1/3] Initial proof of concept mapping memberOf CN to the label |
| 138 |
+ groups #63 |
| 139 |
+ |
| 140 |
+--- |
| 141 |
+ auth_server/authn/ldap_auth.go | 73 ++++++++++++++++++++++++++++++++++-------- |
| 142 |
+ 1 file changed, 60 insertions(+), 13 deletions(-) |
| 143 |
+ |
| 144 |
+diff --git a/auth_server/authn/ldap_auth.go b/auth_server/authn/ldap_auth.go |
| 145 |
+index f8fc08f..42f5ad0 100644 |
| 146 |
+--- a/auth_server/authn/ldap_auth.go |
| 147 |
++++ b/auth_server/authn/ldap_auth.go |
| 148 |
+@@ -17,7 +17,6 @@ |
| 149 |
+ package authn |
| 150 |
+ |
| 151 |
+ import ( |
| 152 |
+- "bytes" |
| 153 |
+ "crypto/tls" |
| 154 |
+ "fmt" |
| 155 |
+ "io/ioutil" |
| 156 |
+@@ -71,10 +70,20 @@ func (la *LDAPAuth) Authenticate(account string, password PasswordString) (bool, |
| 157 |
+ account = la.escapeAccountInput(account) |
| 158 |
+ |
| 159 |
+ filter := la.getFilter(account) |
| 160 |
+- accountEntryDN, uSearchErr := la.ldapSearch(l, &la.config.Base, &filter, &[]string{}) |
| 161 |
++ |
| 162 |
++ // dnAndGroupAttr := []string{"DN"} // example of no groups mapping attribute |
| 163 |
++ groupAttribute := "memberOf" |
| 164 |
++ dnAndGroupAttr := []string{"DN", groupAttribute} |
| 165 |
++ |
| 166 |
++ entryAttrMap, uSearchErr := la.ldapSearch(l, &la.config.Base, &filter, &dnAndGroupAttr) |
| 167 |
+ if uSearchErr != nil { |
| 168 |
+ return false, nil, uSearchErr |
| 169 |
+ } |
| 170 |
++ if len(entryAttrMap) < 1 || entryAttrMap["DN"] == nil || len(entryAttrMap["DN"]) != 1 { |
| 171 |
++ return false, nil, NoMatch // User does not exist |
| 172 |
++ } |
| 173 |
++ |
| 174 |
++ accountEntryDN := entryAttrMap["DN"][0] |
| 175 |
+ if accountEntryDN == "" { |
| 176 |
+ return false, nil, NoMatch // User does not exist |
| 177 |
+ } |
| 178 |
+@@ -93,6 +102,20 @@ func (la *LDAPAuth) Authenticate(account string, password PasswordString) (bool, |
| 179 |
+ return false, nil, bindErr |
| 180 |
+ } |
| 181 |
+ |
| 182 |
++ // Extract group names from the attribute values |
| 183 |
++ if entryAttrMap[groupAttribute] != nil { |
| 184 |
++ rawGroups := entryAttrMap[groupAttribute] |
| 185 |
++ labels := make(map[string][]string) |
| 186 |
++ var groups []string |
| 187 |
++ for _, value := range rawGroups { |
| 188 |
++ cn := la.getCNFromDN(value) |
| 189 |
++ groups = append(groups, cn) |
| 190 |
++ } |
| 191 |
++ labels["groups"] = groups |
| 192 |
++ |
| 193 |
++ return true, labels, nil |
| 194 |
++ } |
| 195 |
++ |
| 196 |
+ return true, nil, nil |
| 197 |
+ } |
| 198 |
+ |
| 199 |
+@@ -170,9 +193,9 @@ func (la *LDAPAuth) getFilter(account string) string { |
| 200 |
+ |
| 201 |
+ //ldap search and return required attributes' value from searched entries |
| 202 |
+ //default return entry's DN value if you leave attrs array empty |
| 203 |
+-func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, attrs *[]string) (string, error) { |
| 204 |
++func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, attrs *[]string) (map[string][]string, error) { |
| 205 |
+ if l == nil { |
| 206 |
+- return "", fmt.Errorf("No ldap connection!") |
| 207 |
++ return nil, fmt.Errorf("No ldap connection!") |
| 208 |
+ } |
| 209 |
+ glog.V(2).Infof("Searching...basedDN:%s, filter:%s", *baseDN, *filter) |
| 210 |
+ searchRequest := ldap.NewSearchRequest( |
| 211 |
+@@ -183,30 +206,54 @@ func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, att |
| 212 |
+ nil) |
| 213 |
+ sr, err := l.Search(searchRequest) |
| 214 |
+ if err != nil { |
| 215 |
+- return "", err |
| 216 |
++ return nil, err |
| 217 |
+ } |
| 218 |
+ |
| 219 |
+ if len(sr.Entries) == 0 { |
| 220 |
+- return "", nil // User does not exist |
| 221 |
++ return nil, nil // User does not exist |
| 222 |
+ } else if len(sr.Entries) > 1 { |
| 223 |
+- return "", fmt.Errorf("Too many entries returned.") |
| 224 |
++ return nil, fmt.Errorf("Too many entries returned.") |
| 225 |
+ } |
| 226 |
+ |
| 227 |
+- var buffer bytes.Buffer |
| 228 |
++ result := make(map[string][]string) |
| 229 |
+ for _, entry := range sr.Entries { |
| 230 |
++ |
| 231 |
+ if len(*attrs) == 0 { |
| 232 |
+ glog.V(2).Infof("Entry DN = %s", entry.DN) |
| 233 |
+- buffer.WriteString(entry.DN) |
| 234 |
++ result["DN"] = []string{entry.DN} |
| 235 |
+ } else { |
| 236 |
+ for _, attr := range *attrs { |
| 237 |
+- values := strings.Join(entry.GetAttributeValues(attr), " ") |
| 238 |
+- glog.V(2).Infof("Entry %s = %s", attr, values) |
| 239 |
+- buffer.WriteString(values) |
| 240 |
++ var values []string |
| 241 |
++ if attr == "DN" { |
| 242 |
++ // DN is excluded from attributes |
| 243 |
++ values = []string{entry.DN} |
| 244 |
++ } else { |
| 245 |
++ values = entry.GetAttributeValues(attr) |
| 246 |
++ } |
| 247 |
++ valuesString := strings.Join(values, "\n") |
| 248 |
++ glog.V(2).Infof("Entry %s = %s", attr, valuesString) |
| 249 |
++ result[attr] = values |
| 250 |
++ } |
| 251 |
++ } |
| 252 |
++ } |
| 253 |
++ |
| 254 |
++ return result, nil |
| 255 |
++} |
| 256 |
++ |
| 257 |
++func (la *LDAPAuth) getCNFromDN(dn string) string { |
| 258 |
++ parsedDN, err := ldap.ParseDN(dn) |
| 259 |
++ if err != nil || len(parsedDN.RDNs) > 0 { |
| 260 |
++ for _, rdn := range parsedDN.RDNs { |
| 261 |
++ for _, rdnAttr := range rdn.Attributes { |
| 262 |
++ if rdnAttr.Type == "CN" { |
| 263 |
++ return rdnAttr.Value |
| 264 |
++ } |
| 265 |
+ } |
| 266 |
+ } |
| 267 |
+ } |
| 268 |
+ |
| 269 |
+- return buffer.String(), nil |
| 270 |
++ // else try using raw DN |
| 271 |
++ return dn |
| 272 |
+ } |
| 273 |
+ |
| 274 |
+ func (la *LDAPAuth) Stop() { |
| 275 |
+ |
| 276 |
+From ddde2fa779e746d7e74cd972a4c6795c72f17ee6 Mon Sep 17 00:00:00 2001 |
| 277 |
+From: Kevin <kcd83@××××××××××××××××××××.com> |
| 278 |
+Date: Tue, 28 Feb 2017 18:09:55 +1300 |
| 279 |
+Subject: [PATCH 2/3] Apply attribute mapping from configuration |
| 280 |
+ |
| 281 |
+--- |
| 282 |
+ auth_server/authn/ldap_auth.go | 125 ++++++++++++++++++++++++----------------- |
| 283 |
+ 1 file changed, 74 insertions(+), 51 deletions(-) |
| 284 |
+ |
| 285 |
+diff --git a/auth_server/authn/ldap_auth.go b/auth_server/authn/ldap_auth.go |
| 286 |
+index 42f5ad0..6f733a2 100644 |
| 287 |
+--- a/auth_server/authn/ldap_auth.go |
| 288 |
++++ b/auth_server/authn/ldap_auth.go |
| 289 |
+@@ -26,16 +26,22 @@ import ( |
| 290 |
+ "github.com/golang/glog" |
| 291 |
+ ) |
| 292 |
+ |
| 293 |
++type LabelMap struct { |
| 294 |
++ Attribute string `yaml:"attribute,omitempty"` |
| 295 |
++ ParseCN bool `yaml:"parse_cn,omitempty"` |
| 296 |
++} |
| 297 |
++ |
| 298 |
+ type LDAPAuthConfig struct { |
| 299 |
+- Addr string `yaml:"addr,omitempty"` |
| 300 |
+- TLS string `yaml:"tls,omitempty"` |
| 301 |
+- InsecureTLSSkipVerify bool `yaml:"insecure_tls_skip_verify,omitempty"` |
| 302 |
+- Base string `yaml:"base,omitempty"` |
| 303 |
+- Filter string `yaml:"filter,omitempty"` |
| 304 |
+- BindDN string `yaml:"bind_dn,omitempty"` |
| 305 |
+- BindPasswordFile string `yaml:"bind_password_file,omitempty"` |
| 306 |
+- GroupBaseDN string `yaml:"group_base_dn,omitempty"` |
| 307 |
+- GroupFilter string `yaml:"group_filter,omitempty"` |
| 308 |
++ Addr string `yaml:"addr,omitempty"` |
| 309 |
++ TLS string `yaml:"tls,omitempty"` |
| 310 |
++ InsecureTLSSkipVerify bool `yaml:"insecure_tls_skip_verify,omitempty"` |
| 311 |
++ Base string `yaml:"base,omitempty"` |
| 312 |
++ Filter string `yaml:"filter,omitempty"` |
| 313 |
++ BindDN string `yaml:"bind_dn,omitempty"` |
| 314 |
++ BindPasswordFile string `yaml:"bind_password_file,omitempty"` |
| 315 |
++ LabelMaps map[string]LabelMap `yaml:"labels,omitempty"` |
| 316 |
++ GroupBaseDN string `yaml:"group_base_dn,omitempty"` |
| 317 |
++ GroupFilter string `yaml:"group_filter,omitempty"` |
| 318 |
+ } |
| 319 |
+ |
| 320 |
+ type LDAPAuth struct { |
| 321 |
+@@ -71,22 +77,19 @@ func (la *LDAPAuth) Authenticate(account string, password PasswordString) (bool, |
| 322 |
+ |
| 323 |
+ filter := la.getFilter(account) |
| 324 |
+ |
| 325 |
+- // dnAndGroupAttr := []string{"DN"} // example of no groups mapping attribute |
| 326 |
+- groupAttribute := "memberOf" |
| 327 |
+- dnAndGroupAttr := []string{"DN", groupAttribute} |
| 328 |
++ labelAttributes, labelsConfigErr := la.getLabelAttributes() |
| 329 |
++ if labelsConfigErr != nil { |
| 330 |
++ return false, nil, labelsConfigErr |
| 331 |
++ } |
| 332 |
+ |
| 333 |
+- entryAttrMap, uSearchErr := la.ldapSearch(l, &la.config.Base, &filter, &dnAndGroupAttr) |
| 334 |
++ accountEntryDN, entryAttrMap, uSearchErr := la.ldapSearch(l, &la.config.Base, &filter, &labelAttributes) |
| 335 |
+ if uSearchErr != nil { |
| 336 |
+ return false, nil, uSearchErr |
| 337 |
+ } |
| 338 |
+- if len(entryAttrMap) < 1 || entryAttrMap["DN"] == nil || len(entryAttrMap["DN"]) != 1 { |
| 339 |
+- return false, nil, NoMatch // User does not exist |
| 340 |
+- } |
| 341 |
+- |
| 342 |
+- accountEntryDN := entryAttrMap["DN"][0] |
| 343 |
+ if accountEntryDN == "" { |
| 344 |
+ return false, nil, NoMatch // User does not exist |
| 345 |
+ } |
| 346 |
++ |
| 347 |
+ // Bind as the user to verify their password |
| 348 |
+ if len(accountEntryDN) > 0 { |
| 349 |
+ err := l.Bind(accountEntryDN, string(password)) |
| 350 |
+@@ -102,21 +105,13 @@ func (la *LDAPAuth) Authenticate(account string, password PasswordString) (bool, |
| 351 |
+ return false, nil, bindErr |
| 352 |
+ } |
| 353 |
+ |
| 354 |
+- // Extract group names from the attribute values |
| 355 |
+- if entryAttrMap[groupAttribute] != nil { |
| 356 |
+- rawGroups := entryAttrMap[groupAttribute] |
| 357 |
+- labels := make(map[string][]string) |
| 358 |
+- var groups []string |
| 359 |
+- for _, value := range rawGroups { |
| 360 |
+- cn := la.getCNFromDN(value) |
| 361 |
+- groups = append(groups, cn) |
| 362 |
+- } |
| 363 |
+- labels["groups"] = groups |
| 364 |
+- |
| 365 |
+- return true, labels, nil |
| 366 |
++ // Extract labels from the attribute values |
| 367 |
++ labels, labelsExtractErr := la.getLabelsFromMap(entryAttrMap) |
| 368 |
++ if labelsExtractErr != nil { |
| 369 |
++ return false, nil, labelsExtractErr |
| 370 |
+ } |
| 371 |
+ |
| 372 |
+- return true, nil, nil |
| 373 |
++ return true, labels, nil |
| 374 |
+ } |
| 375 |
+ |
| 376 |
+ func (la *LDAPAuth) bindReadOnlyUser(l *ldap.Conn) error { |
| 377 |
+@@ -193,9 +188,9 @@ func (la *LDAPAuth) getFilter(account string) string { |
| 378 |
+ |
| 379 |
+ //ldap search and return required attributes' value from searched entries |
| 380 |
+ //default return entry's DN value if you leave attrs array empty |
| 381 |
+-func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, attrs *[]string) (map[string][]string, error) { |
| 382 |
++func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, attrs *[]string) (string, map[string][]string, error) { |
| 383 |
+ if l == nil { |
| 384 |
+- return nil, fmt.Errorf("No ldap connection!") |
| 385 |
++ return "", nil, fmt.Errorf("No ldap connection!") |
| 386 |
+ } |
| 387 |
+ glog.V(2).Infof("Searching...basedDN:%s, filter:%s", *baseDN, *filter) |
| 388 |
+ searchRequest := ldap.NewSearchRequest( |
| 389 |
+@@ -206,38 +201,66 @@ func (la *LDAPAuth) ldapSearch(l *ldap.Conn, baseDN *string, filter *string, att |
| 390 |
+ nil) |
| 391 |
+ sr, err := l.Search(searchRequest) |
| 392 |
+ if err != nil { |
| 393 |
+- return nil, err |
| 394 |
++ return "", nil, err |
| 395 |
+ } |
| 396 |
+ |
| 397 |
+ if len(sr.Entries) == 0 { |
| 398 |
+- return nil, nil // User does not exist |
| 399 |
++ return "", nil, nil // User does not exist |
| 400 |
+ } else if len(sr.Entries) > 1 { |
| 401 |
+- return nil, fmt.Errorf("Too many entries returned.") |
| 402 |
++ return "", nil, fmt.Errorf("Too many entries returned.") |
| 403 |
+ } |
| 404 |
+ |
| 405 |
+- result := make(map[string][]string) |
| 406 |
++ attributes := make(map[string][]string) |
| 407 |
++ var entryDn string |
| 408 |
+ for _, entry := range sr.Entries { |
| 409 |
+- |
| 410 |
++ entryDn = entry.DN |
| 411 |
+ if len(*attrs) == 0 { |
| 412 |
+- glog.V(2).Infof("Entry DN = %s", entry.DN) |
| 413 |
+- result["DN"] = []string{entry.DN} |
| 414 |
++ glog.V(2).Infof("Entry DN = %s", entryDn) |
| 415 |
+ } else { |
| 416 |
+ for _, attr := range *attrs { |
| 417 |
+- var values []string |
| 418 |
+- if attr == "DN" { |
| 419 |
+- // DN is excluded from attributes |
| 420 |
+- values = []string{entry.DN} |
| 421 |
+- } else { |
| 422 |
+- values = entry.GetAttributeValues(attr) |
| 423 |
+- } |
| 424 |
+- valuesString := strings.Join(values, "\n") |
| 425 |
+- glog.V(2).Infof("Entry %s = %s", attr, valuesString) |
| 426 |
+- result[attr] = values |
| 427 |
++ values := entry.GetAttributeValues(attr) |
| 428 |
++ glog.V(2).Infof("Entry %s = %s", attr, strings.Join(values, "\n")) |
| 429 |
++ attributes[attr] = values |
| 430 |
+ } |
| 431 |
+ } |
| 432 |
+ } |
| 433 |
+ |
| 434 |
+- return result, nil |
| 435 |
++ return entryDn, attributes, nil |
| 436 |
++} |
| 437 |
++ |
| 438 |
++func (la *LDAPAuth) getLabelAttributes() ([]string, error) { |
| 439 |
++ labelAttributes := make([]string, len(la.config.LabelMaps)) |
| 440 |
++ i := 0 |
| 441 |
++ for key, mapping := range la.config.LabelMaps { |
| 442 |
++ if mapping.Attribute == "" { |
| 443 |
++ return nil, fmt.Errorf("Label %s is missing 'attribute' to map from", key) |
| 444 |
++ } |
| 445 |
++ labelAttributes[i] = mapping.Attribute |
| 446 |
++ i++ |
| 447 |
++ } |
| 448 |
++ return labelAttributes, nil |
| 449 |
++} |
| 450 |
++ |
| 451 |
++func (la *LDAPAuth) getLabelsFromMap(attrMap map[string][]string) (map[string][]string, error) { |
| 452 |
++ labels := make(map[string][]string) |
| 453 |
++ for key, mapping := range la.config.LabelMaps { |
| 454 |
++ if mapping.Attribute == "" { |
| 455 |
++ return nil, fmt.Errorf("Label %s is missing 'attribute' to map from", key) |
| 456 |
++ } |
| 457 |
++ |
| 458 |
++ mappingValues := attrMap[mapping.Attribute] |
| 459 |
++ if mappingValues != nil { |
| 460 |
++ if mapping.ParseCN { |
| 461 |
++ // shorten attribute to its common name |
| 462 |
++ for i, value := range mappingValues { |
| 463 |
++ cn := la.getCNFromDN(value) |
| 464 |
++ mappingValues[i] = cn |
| 465 |
++ } |
| 466 |
++ } |
| 467 |
++ labels[key] = mappingValues |
| 468 |
++ } |
| 469 |
++ } |
| 470 |
++ return labels, nil |
| 471 |
+ } |
| 472 |
+ |
| 473 |
+ func (la *LDAPAuth) getCNFromDN(dn string) string { |
| 474 |
+ |
| 475 |
+From cd37001980267a99a9faa19f1927891af63acb90 Mon Sep 17 00:00:00 2001 |
| 476 |
+From: Kevin <kcd83@××××××××××××××××××××.com> |
| 477 |
+Date: Tue, 28 Feb 2017 18:27:16 +1300 |
| 478 |
+Subject: [PATCH 3/3] Remove unused configuration fields, never implemented? |
| 479 |
+ |
| 480 |
+--- |
| 481 |
+ auth_server/authn/ldap_auth.go | 2 -- |
| 482 |
+ 1 file changed, 2 deletions(-) |
| 483 |
+ |
| 484 |
+diff --git a/auth_server/authn/ldap_auth.go b/auth_server/authn/ldap_auth.go |
| 485 |
+index 6f733a2..9c8bcb8 100644 |
| 486 |
+--- a/auth_server/authn/ldap_auth.go |
| 487 |
++++ b/auth_server/authn/ldap_auth.go |
| 488 |
+@@ -40,8 +40,6 @@ type LDAPAuthConfig struct { |
| 489 |
+ BindDN string `yaml:"bind_dn,omitempty"` |
| 490 |
+ BindPasswordFile string `yaml:"bind_password_file,omitempty"` |
| 491 |
+ LabelMaps map[string]LabelMap `yaml:"labels,omitempty"` |
| 492 |
+- GroupBaseDN string `yaml:"group_base_dn,omitempty"` |
| 493 |
+- GroupFilter string `yaml:"group_filter,omitempty"` |
| 494 |
+ } |
| 495 |
+ |
| 496 |
+ type LDAPAuth struct { |
Archives