From 60a6b70ccf77c3a88b498df06c78b849310b2c1c Mon Sep 17 00:00:00 2001
From: nemunaire
Date: Thu, 22 Feb 2018 00:16:26 +0100
Subject: [PATCH] login-validator: new option to skip authentication
---
 pkg/login-validator/cmd/login.go | 19 +++++++++++--------
 pkg/login-validator/cmd/main.go | 1 +
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/pkg/login-validator/cmd/login.go b/pkg/login-validator/cmd/login.go
index dd3a8ab..8274e82 100644
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@@ -23,6 +23,7 @@ var loginSalt string
 type loginChecker struct {
 students []Student
+ noAuth bool
 ldapAddr string
 ldapPort int
 ldapIsTLS bool
@@ -139,14 +140,16 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
- if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
- log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
- http.Error(w, err.Error(), http.StatusUnauthorized)
- return
- } else if !ok {
- log.Println("Login failed:", lu.Username, "at", r.RemoteAddr)
- http.Error(w, "Invalid password", http.StatusUnauthorized)
- return
+ if ! l.noAuth {
+ if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
+ log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
+ http.Error(w, err.Error(), http.StatusUnauthorized)
+ return
+ } else if !ok {
+ log.Println("Login failed:", lu.Username, "at", r.RemoteAddr)
+ http.Error(w, "Invalid password", http.StatusUnauthorized)
+ return
+ }
 }
 if err := l.lateLoginAction(lu.Username, r.RemoteAddr); err != nil {
diff --git a/pkg/login-validator/cmd/main.go b/pkg/login-validator/cmd/main.go
index d4bcca1..5b1a212 100644
--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
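Review bot: When `l.noAuth` is set, ServeHTTP in login.go never looks at `lu.Password` and falls straight through to `lateLoginAction`, and nothing in the log records that the check was skipped, so a login accepted without a password is indistinguishable afterwards from an LDAP-verified one. I would give the new guard an else branch, `} else { log.Println("Authentication skipped (noauth):", lu.Username, "at", r.RemoteAddr) }`, so each bypassed login is attributable. The re-indented error path still sends `err.Error()` from `ldapAuth` to the client; a fixed string such as `http.Error(w, "Authentication unavailable", http.StatusUnauthorized)` would keep backend details in the server log only. `if ! l.noAuth` is also not gofmt-clean (`!l.noAuth`). The body of ServeHTTP starts and ends outside this hunk, so any earlier validation of the username is not visible here.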
@@ -20,6 +20,7 @@ func main() {
 flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
 flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
+ flag.BoolVar(&lc.noAuth, "noauth", false, "don't perform password check")
 flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
 flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
 flag.BoolVar(&lc.ldapIsTLS, "ldaptls", false, "Is LDAP connection LDAPS?")
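Review bot: The `-noauth` flag makes the service accept any password, but its usage string, `"don't perform password check"`, does not spell that out, and nothing visible in main reports that the flag is active. I would reword the usage string to `"accept any password (LDAP authentication disabled)"` and, once the flags are parsed, add `if lc.noAuth { log.Println("WARNING: -noauth is set, passwords are not verified") }` so an unintended start in this mode shows up in the log. The rest of main is outside this hunk, so if such a warning already exists further down, this can be ignored.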