login-validator: new auth method: http forwarder
This commit is contained in:
parent
c833b64d13
commit
046abdd93c
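--- /dev/null
+++ b/pkg/login-validator/cmd/auth_fwd.go
@@ -0,0 +1,26 @@
+package main
+
+import (
+"net/http"
+"net/url"
+)
+
+type FWDAuth struct {
+URI *url.URL
+}
+
+func (f FWDAuth) checkAuth(username, password string) (res bool, err error) {
+if r, err := http.NewRequest("GET", f.URI.String(), nil); err != nil {
+return false, err
+} else {
+r.SetBasicAuth(username, password)
+
+if resp, err := http.DefaultClient.Do(r); err != nil {
+return false, err
+} else {
+resp.Body.Close()
+
+return resp.StatusCode < 400, err
+}
+}
+}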
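Review bot: checkAuth sends the forwarded request through http.DefaultClient, which has no timeout, so a slow or unresponsive forwarder blocks the login request (and the goroutine serving it) indefinitely; use a package-level client with an explicit Timeout or a context deadline. The result `resp.StatusCode < 400` also treats any 3xx as a valid login, and the `err` returned next to it is the shadowed inner variable, which is always nil at that point while the named results `res`/`err` are never assigned; I would accept only 2xx, treat 401/403 as a plain rejection, and return an error for any other status so that a misconfigured or failing backend is not silently reported as a wrong password. Draining the body before Close lets the transport reuse the connection. Because every request carries the user's credentials as an HTTP Basic Authorization header, the struct deserves a comment such as `// URI receives one GET per login attempt with the credentials as HTTP Basic auth; it must be an https endpoint.` The rewrite below needs `fmt`, `io` and `time` added to the import block.
```go
// fwdClient bounds how long a login attempt may wait on the forwarder.
var fwdClient = &http.Client{Timeout: 10 * time.Second}

func (f FWDAuth) checkAuth(username, password string) (bool, error) {
	r, err := http.NewRequest("GET", f.URI.String(), nil)
	if err != nil {
		return false, err
	}
	r.SetBasicAuth(username, password)

	resp, err := fwdClient.Do(r)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	// Drain so the keep-alive connection can be reused; the body is not needed.
	io.Copy(io.Discard, resp.Body)

	switch {
	case resp.StatusCode >= 200 && resp.StatusCode < 300:
		return true, nil
	case resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusForbidden:
		return false, nil
	default:
		// Anything else (3xx, 5xx, ...) is a forwarder problem, not a verdict on the password.
		return false, fmt.Errorf("auth forwarder %s: unexpected status %s", f.URI, resp.Status)
	}
}
```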
@ -6,6 +6,7 @@ import (
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/signal"
|
||||
"path/filepath"
|
||||
@ -23,7 +24,9 @@ func main() {
|
||||
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
||||
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
|
||||
|
||||
var auth = flag.String("auth", "none", "Auth method: none, ldap")
|
||||
var auth = flag.String("auth", "none", "Auth method: none, ldap, fwd")
|
||||
|
||||
var fwdURI = flag.String("fwduri", "https://srs.epita.fr:443/", "URI to forward auth requests")
|
||||
|
||||
var ldapAddr = flag.String("ldaphost", "auth.cri.epita.fr", "LDAP host")
|
||||
var ldapPort = flag.Int("ldapport", 636, "LDAP port")
|
||||
@ -53,6 +56,15 @@ func main() {
|
||||
BindUsername: *ldapbindusername,
|
||||
BindPassword: *ldapbindpassword,
|
||||
}
|
||||
} else if auth != nil && *auth == "fwd" && fwdURI != nil {
|
||||
if uri, err := url.Parse(*fwdURI); err != nil {
|
||||
log.Fatal("Unable to parse FWD URL:", err)
|
||||
} else {
|
||||
log.Printf("Auth method: HTTP_FWD(%s)", uri)
|
||||
lc.authMethod = FWDAuth{
|
||||
URI: uri,
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.Println("No auth method selected: all access will be granted")
|
||||
lc.authMethod = NoAuth{}
|
||||
|
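Review bot: The fwd branch trusts whatever url.Parse returns, but url.Parse succeeds on almost any string (an empty value or a bare hostname parses as a relative path), so a mistyped -fwduri is only noticed when the first login fails rather than at startup; since each forwarded request carries the user's password as HTTP Basic auth, I would also refuse a non-https target here: `if uri.Scheme != "https" || uri.Host == "" { log.Fatalf("Invalid -fwduri %q: expected an absolute https URL", *fwdURI) }`. The closing `} else {` branch still falls through to NoAuth for any unrecognised -auth value, so a typo such as `-auth=fdw` grants all access; guard it with `} else if *auth == "none" {` and add a final `} else { log.Fatalf("Unknown auth method %q", *auth) }`. The `auth != nil && ... && fwdURI != nil` guards are dead code because flag.String never returns nil, and they obscure the real condition. main() starts and ends outside this hunk, and the import hunk above presumably adds net/url for this branch.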
@ -155,7 +155,8 @@ services:
|
||||
- name: login-validator
|
||||
image: nemunaire/adlin-login-validator:87f1cf05e8037b934d293a48704bd3f8ee678d41
|
||||
# command: ["/bin/login-validator", "-bind=:8081", "-auth=ldap", "-ldaphost=auth.cri.epita.net", "-ldapport=636", "-ldaptls", "-ldapbase=dc=epita,dc=net"]
|
||||
command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
|
||||
command: ["/bin/login-validator", "-bind=:8081", "-auth=fwd", "-fwduri=https://adlin.nemunai.re/auth"]
|
||||
# command: ["/bin/login-validator", "-bind=:8081", "-auth=none"]
|
||||
net: /run/netns/login
|
||||
binds:
|
||||
- /etc/resolv.conf:/etc/resolv.conf:ro
|
||||
|
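Review bot: The service now runs with `-auth=fwd`, but the image is still pinned to `nemunaire/adlin-login-validator:87f1cf05e8037b934d293a48704bd3f8ee678d41`; unless that image was built from a tree that already contains auth_fwd.go, the binary does not know the fwd method and, per the else branch shown in the main.go hunk, falls back to NoAuth and grants every login. The image tag should be bumped to a build that includes this commit in the same change, or the deployment should fail on an unknown auth method rather than fail open.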