login-validator: new option to skip authentication
This commit is contained in:
parent
e4087394ba
commit
60a6b70ccf
@ -23,6 +23,7 @@ var loginSalt string
|
|||||||
|
|
||||||
type loginChecker struct {
|
type loginChecker struct {
|
||||||
students []Student
|
students []Student
|
||||||
|
noAuth bool
|
||||||
ldapAddr string
|
ldapAddr string
|
||||||
ldapPort int
|
ldapPort int
|
||||||
ldapIsTLS bool
|
ldapIsTLS bool
|
||||||
@ -139,14 +140,16 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
|
if ! l.noAuth {
|
||||||
log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
|
if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusUnauthorized)
|
log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
|
||||||
return
|
http.Error(w, err.Error(), http.StatusUnauthorized)
|
||||||
} else if !ok {
|
return
|
||||||
log.Println("Login failed:", lu.Username, "at", r.RemoteAddr)
|
} else if !ok {
|
||||||
http.Error(w, "Invalid password", http.StatusUnauthorized)
|
log.Println("Login failed:", lu.Username, "at", r.RemoteAddr)
|
||||||
return
|
http.Error(w, "Invalid password", http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := l.lateLoginAction(lu.Username, r.RemoteAddr); err != nil {
|
if err := l.lateLoginAction(lu.Username, r.RemoteAddr); err != nil {
|
||||||
|
@ -20,6 +20,7 @@ func main() {
|
|||||||
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
|
||||||
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
|
flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
|
||||||
|
|
||||||
|
flag.BoolVar(&lc.noAuth, "noauth", false, "don't perform password check")
|
||||||
flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
|
flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
|
||||||
flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
|
flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
|
||||||
flag.BoolVar(&lc.ldapIsTLS, "ldaptls", false, "Is LDAP connection LDAPS?")
|
flag.BoolVar(&lc.ldapIsTLS, "ldaptls", false, "Is LDAP connection LDAPS?")
|
||||||
|
Reference in New Issue
Block a user