login-validator: new option to skip authentication

2018-02-22 00:16:26 +01:00 · 2018-02-22 00:16:26 +01:00 · 60a6b70ccf
commit 60a6b70ccf
parent e4087394ba
2 changed files with 12 additions and 8 deletions
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@ -23,6 +23,7 @@ var loginSalt string
 type loginChecker struct {
 	students         []Student
 	noAuth           bool
 	ldapAddr         string
 	ldapPort         int
 	ldapIsTLS        bool
@ -139,14 +140,16 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
+	if ! l.noAuth {
-		log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
+		if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
-		http.Error(w, err.Error(), http.StatusUnauthorized)
+			log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
-		return
+			http.Error(w, err.Error(), http.StatusUnauthorized)
-	} else if !ok {
+			return
-		log.Println("Login failed:", lu.Username, "at", r.RemoteAddr)
+		} else if !ok {
-		http.Error(w, "Invalid password", http.StatusUnauthorized)
+			log.Println("Login failed:", lu.Username, "at", r.RemoteAddr)
-		return
+			http.Error(w, "Invalid password", http.StatusUnauthorized)
 			return
 		}
 	}
 	if err := l.lateLoginAction(lu.Username, r.RemoteAddr); err != nil {
--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
@ -20,6 +20,7 @@ func main() {
 	flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
 	flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
 	flag.BoolVar(&lc.noAuth, "noauth", false, "don't perform password check")
 	flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
 	flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
 	flag.BoolVar(&lc.ldapIsTLS, "ldaptls", false, "Is LDAP connection LDAPS?")