login-validator: new auth method: http forwarder

nemunaire 2020-02-21 01:05:53 +01:00
parent c833b64d13
commit 046abdd93c
3 changed files with 41 additions and 2 deletions


@ -0,0 +1,26 @@
package main
import (
"net/http"
"net/url"
)
type FWDAuth struct {
URI *url.URL
}
func (f FWDAuth) checkAuth(username, password string) (res bool, err error) {
if r, err := http.NewRequest("GET", f.URI.String(), nil); err != nil {
return false, err
} else {
r.SetBasicAuth(username, password)
if resp, err := http.DefaultClient.Do(r); err != nil {
return false, err
} else {
resp.Body.Close()
return resp.StatusCode < 400, err
}
}
}
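Review bot: `checkAuth` counts every status below 400 as a valid login and sends the request through `http.DefaultClient`, which follows redirects and has no timeout. An upstream that redirects to a page answering 200, or a `-fwduri` target that does not enforce Basic auth at all, would therefore accept any password, and a stalled upstream blocks the check indefinitely. I would use a dedicated client with a timeout and a `CheckRedirect` that returns `http.ErrUseLastResponse`, accept only 2xx, and flatten the `if … else` nesting so the named `err` result is no longer shadowed. This needs `time` added to the import block, and the 10-second value below is only a suggested starting point.

```go
// fwdClient bounds each forwarded check and never follows redirects,
// so a 3xx answer is judged as-is instead of the page it points to.
var fwdClient = &http.Client{
	Timeout: 10 * time.Second,
	CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse
	},
}

func (f FWDAuth) checkAuth(username, password string) (res bool, err error) {
	r, err := http.NewRequest("GET", f.URI.String(), nil)
	if err != nil {
		return false, err
	}
	r.SetBasicAuth(username, password)

	resp, err := fwdClient.Do(r)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()

	// Only an explicit 2xx from the upstream counts as a valid login.
	return resp.StatusCode >= 200 && resp.StatusCode < 300, nil
}
```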


@ -6,6 +6,7 @@ import (
"fmt"
"log"
"net/http"
"net/url"
"os"
"os/signal"
"path/filepath"
@ -23,7 +24,9 @@ func main() {
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
var auth = flag.String("auth", "none", "Auth method: none, ldap")
var auth = flag.String("auth", "none", "Auth method: none, ldap, fwd")
var fwdURI = flag.String("fwduri", "https://srs.epita.fr:443/", "URI to forward auth requests")
var ldapAddr = flag.String("ldaphost", "auth.cri.epita.fr", "LDAP host")
var ldapPort = flag.Int("ldapport", 636, "LDAP port")
@ -53,6 +56,15 @@ func main() {
BindUsername: *ldapbindusername,
BindPassword: *ldapbindpassword,
}
} else if auth != nil && *auth == "fwd" && fwdURI != nil {
if uri, err := url.Parse(*fwdURI); err != nil {
log.Fatal("Unable to parse FWD URL:", err)
} else {
log.Printf("Auth method: HTTP_FWD(%s)", uri)
lc.authMethod = FWDAuth{
URI: uri,
}
}
} else {
log.Println("No auth method selected: all access will be granted")
lc.authMethod = NoAuth{}
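Review bot: The `fwd` branch accepts whatever `url.Parse` returns, so `-fwduri=http://…` would send each user's Basic credentials in cleartext, and an empty or relative value parses without error and only fails later, on every login. After the parse, reject anything that is not an absolute HTTPS URL: `if uri.Scheme != "https" || uri.Host == "" { log.Fatalf("FWD URL must be an absolute https URL, got %q", *fwdURI) }`. The `-fwduri` default also names a concrete external host, so `-auth=fwd` on its own forwards submitted passwords there; an empty default that has to be set explicitly would be safer. The `auth != nil` and `fwdURI != nil` tests are always true for `flag.String` results and can be dropped. `main` starts and ends outside these hunks.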


@ -155,7 +155,8 @@ services:
- name: login-validator
image: nemunaire/adlin-login-validator:87f1cf05e8037b934d293a48704bd3f8ee678d41
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"]
# command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
net: /run/netns/login
binds:
- /etc/resolv.conf:/etc/resolv.conf:ro
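Review bot: The `image:` tag stays at `87f1cf05e8037b934d293a48704bd3f8ee678d41` while `command:` now passes `-auth=fwd` and `-fwduri=…`, both of which this same commit introduces. If that image was built before this change (not verifiable from the hunk), the binary will reject the unknown `-fwduri` flag and the service will not start, so the tag likely needs bumping here too. Because the validator treats any status below 400 as a successful login, `https://adlin.nemunai.re/auth` must answer bad credentials with a 4xx and must not redirect; a short comment above `command:` stating that requirement would help whoever changes the endpoint later.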