login-validator: new option to skip authentication

2018-02-22 00:16:26 +01:00 · 2018-02-22 00:16:26 +01:00 · 60a6b70ccf
commit 60a6b70ccf
parent e4087394ba
2 changed files with 12 additions and 8 deletions
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@ -23,6 +23,7 @@ var loginSalt string

 type loginChecker struct {
 	students         []Student
+	noAuth           bool
 	ldapAddr         string
 	ldapPort         int
 	ldapIsTLS        bool
@ -139,6 +140,7 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if ! l.noAuth {
 		if ok, err := l.ldapAuth(lu.Username, lu.Password); err != nil {
 			log.Println("Unable to perform authentication for", lu.Username, ":", err, "at", r.RemoteAddr)
 			http.Error(w, err.Error(), http.StatusUnauthorized)
@ -148,6 +150,7 @@ func (l loginChecker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, "Invalid password", http.StatusUnauthorized)
 			return
 		}
+	}

 	if err := l.lateLoginAction(lu.Username, r.RemoteAddr); err != nil {
 		log.Println("Error on late login action:", err)
--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
@ -20,6 +20,7 @@ func main() {
 	flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
 	flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")

+	flag.BoolVar(&lc.noAuth, "noauth", false, "don't perform password check")
 	flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
 	flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
 	flag.BoolVar(&lc.ldapIsTLS, "ldaptls", false, "Is LDAP connection LDAPS?")