login-validator: new auth method: http forwarder
parent
c833b64d13
commit
046abdd93c
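--- /dev/null
+++ b/pkg/login-validator/cmd/auth_fwd.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+"net/http"
+"net/url"
+)
+
+type FWDAuth struct {
+URI *url.URL
+}
+
+func (f FWDAuth) checkAuth(username, password string) (res bool, err error) {
+if r, err := http.NewRequest("GET", f.URI.String(), nil); err != nil {
+return false, err
+} else {
+r.SetBasicAuth(username, password)
+
+if resp, err := http.DefaultClient.Do(r); err != nil {
+return false, err
+} else {
+resp.Body.Close()
+
+return resp.StatusCode < 400, err
+}
+}
+}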
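Review bot: checkAuth treats every status below 400 as a successful login after http.DefaultClient has silently followed redirects and with no timeout at all, so a backend that answers a bad password with a 302 to a 200 page would be reported as authenticated, and an unresponsive backend blocks the login path indefinitely. Whether the configured backend behaves that way is not visible here, but the check should be pinned to the status the backend returns on success (2xx at most), redirects should not be followed (CheckRedirect returning http.ErrUseLastResponse) and the request should run on a client with a Timeout, which needs the `io` and `time` imports added. Draining the body before Close lets the transport reuse the connection, and the named results `(res bool, err error)` are never assigned because both inner `err`s shadow them, so the plain `(bool, error)` signature is clearer. The method should also carry a doc comment saying that it forwards the user's credentials as HTTP Basic auth to URI and therefore must only be pointed at an https endpoint.
```go
// fwdClient never follows redirects and bounds how long one login check may wait.
var fwdClient = &http.Client{
	Timeout: 10 * time.Second, // constructed value; tune to the backend's latency
	CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse
	},
}

// checkAuth forwards username/password as HTTP Basic auth to f.URI and
// reports success only for a 2xx answer from the backend itself.
func (f FWDAuth) checkAuth(username, password string) (bool, error) {
	r, err := http.NewRequest("GET", f.URI.String(), nil)
	if err != nil {
		return false, err
	}
	r.SetBasicAuth(username, password)

	resp, err := fwdClient.Do(r)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body) // drain so the connection can be reused

	return resp.StatusCode >= 200 && resp.StatusCode < 300, nil
}
```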
@ -6,6 +6,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
@ -23,7 +24,9 @@ func main() {
|
|||||||
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
||||||
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
|
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
|
||||||
|
|
||||||
var auth = flag.String("auth", "none", "Auth method: none, ldap")
|
var auth = flag.String("auth", "none", "Auth method: none, ldap, fwd")
|
||||||
|
|
||||||
|
var fwdURI = flag.String("fwduri", "https://srs.epita.fr:443/", "URI to forward auth requests")
|
||||||
|
|
||||||
var ldapAddr = flag.String("ldaphost", "auth.cri.epita.fr", "LDAP host")
|
var ldapAddr = flag.String("ldaphost", "auth.cri.epita.fr", "LDAP host")
|
||||||
var ldapPort = flag.Int("ldapport", 636, "LDAP port")
|
var ldapPort = flag.Int("ldapport", 636, "LDAP port")
|
||||||
@ -53,6 +56,15 @@ func main() {
|
|||||||
BindUsername: *ldapbindusername,
|
BindUsername: *ldapbindusername,
|
||||||
BindPassword: *ldapbindpassword,
|
BindPassword: *ldapbindpassword,
|
||||||
}
|
}
|
||||||
|
} else if auth != nil && *auth == "fwd" && fwdURI != nil {
|
||||||
|
if uri, err := url.Parse(*fwdURI); err != nil {
|
||||||
|
log.Fatal("Unable to parse FWD URL:", err)
|
||||||
|
} else {
|
||||||
|
log.Printf("Auth method: HTTP_FWD(%s)", uri)
|
||||||
|
lc.authMethod = FWDAuth{
|
||||||
|
URI: uri,
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
log.Println("No auth method selected: all access will be granted")
|
log.Println("No auth method selected: all access will be granted")
|
||||||
lc.authMethod = NoAuth{}
|
lc.authMethod = NoAuth{}
|
||||||
|
@ -155,7 +155,8 @@ services:
|
|||||||
- name: login-validator
|
- name: login-validator
|
||||||
image: nemunaire/adlin-login-validator:87f1cf05e8037b934d293a48704bd3f8ee678d41
|
image: nemunaire/adlin-login-validator:87f1cf05e8037b934d293a48704bd3f8ee678d41
|
||||||
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
||||||
command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
|
command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"]
|
||||||
|
# command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
|
||||||
net: /run/netns/login
|
net: /run/netns/login
|
||||||
binds:
|
binds:
|
||||||
- /etc/resolv.conf:/etc/resolv.conf:ro
|
- /etc/resolv.conf:/etc/resolv.conf:ro
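Review bot: The new command passes `-auth=fwd` and `-fwduri`, flags that this commit introduces, while the `image:` line above still pins the tag 87f1cf05e8037b934d293a48704bd3f8ee678d41 unchanged from before the commit. Unless that image was already built from a tree carrying this change, the container would reject the unknown flags at startup, so the tag should be bumped to a build that includes auth_fwd.go in the same change. Keeping the retired `-auth=none` command as a comment is fine, but a short note on why the forwarder endpoint was chosen would help the next reader of this service definition.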
|
||||||
|