login-validator: refactor auth methods

2020-02-21 00:18:56 +01:00 · 2020-02-21 00:18:56 +01:00 · 8d4ab002d8
commit 8d4ab002d8
parent 1d2199aaef
5 changed files with 126 additions and 91 deletions
--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
@ -17,21 +17,20 @@ var tftpDir string
 func main() {
 	var studentsFile string

-	var lc loginChecker
-
 	var bind = flag.String("bind", ":8081", "Bind port/socket")
 	flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
 	flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")
 	flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
 	flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")

-	flag.BoolVar(&lc.noAuth, "noauth", false, "don't perform password check")
-	flag.StringVar(&lc.ldapAddr, "ldaphost", "auth.cri.epita.fr", "LDAP host")
-	flag.IntVar(&lc.ldapPort, "ldapport", 636, "LDAP port")
-	flag.BoolVar(&lc.ldapIsTLS, "ldaptls", false, "Is LDAP connection LDAPS?")
-	flag.StringVar(&lc.ldapBase, "ldapbase", "dc=epita,dc=net", "LDAP base")
-	flag.StringVar(&lc.ldapBindUsername, "ldapbindusername", "", "LDAP user to use in order to perform bind (optional if search can be made anonymously)")
-	flag.StringVar(&lc.ldapBindPassword, "ldapbindpassword", "", "Password for the bind user")
+	var auth = flag.String("auth", "none", "Auth method: none, ldap")
+
+	var ldapAddr = flag.String("ldaphost", "auth.cri.epita.fr", "LDAP host")
+	var ldapPort = flag.Int("ldapport", 636, "LDAP port")
+	var ldaptls = flag.Bool("ldaptls", false, "Is LDAP connection LDAPS?")
+	var ldapbase = flag.String("ldapbase", "dc=epita,dc=net", "LDAP base")
+	var ldapbindusername = flag.String("ldapbindusername", "", "LDAP user to use in order to perform bind (optional if search can be made anonymously)")
+	var ldapbindpassword = flag.String("ldapbindpassword", "", "Password for the bind user")
 	flag.Parse()

 	var err error
@ -42,6 +41,23 @@ func main() {
 		log.Fatal(err)
 	}

+	var lc loginChecker
+
+	if auth != nil && *auth == "ldap" {
+		log.Printf("Auth method: LDAP(%s@%s:%d?%s)", *ldapbindusername, *ldapAddr, *ldapPort, *ldapbase)
+		lc.authMethod = LDAPAuth{
+			Addr: *ldapAddr,
+			Port: *ldapPort,
+			IsTLS: *ldaptls,
+			Base: *ldapbase,
+			BindUsername: *ldapbindusername,
+			BindPassword: *ldapbindpassword,
+		}
+	} else {
+		log.Println("No auth method selected: all access will be granted")
+		lc.authMethod = NoAuth{}
+	}
+
 	lc.students, err = readStudentsList(studentsFile)
 	if err != nil {
 		log.Fatal(err)