2019-04-24 21:52:08 +00:00
|
|
|
package authentication
|
|
|
|
|
2022-05-02 01:51:38 +00:00
|
|
|
import (
|
|
|
|
"crypto/tls"
|
2022-07-18 00:56:09 +00:00
|
|
|
"net/mail"
|
2023-02-11 15:47:03 +00:00
|
|
|
"time"
|
2022-05-02 01:51:38 +00:00
|
|
|
|
|
|
|
"github.com/go-ldap/ldap/v3"
|
|
|
|
"golang.org/x/text/encoding/unicode"
|
|
|
|
)
|
|
|
|
|
2022-05-10 04:38:36 +00:00
|
|
|
// LDAPClientFactory an interface of factory of LDAP clients.
|
|
|
|
type LDAPClientFactory interface {
|
|
|
|
DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
|
2022-05-02 01:51:38 +00:00
|
|
|
}
|
|
|
|
|
2022-05-10 04:38:36 +00:00
|
|
|
// LDAPClient is a cut down version of the ldap.Client interface with just the methods we use.
|
|
|
|
//
|
|
|
|
// Methods added to this interface that have a direct correlation with one from ldap.Client should have the same signature.
|
|
|
|
type LDAPClient interface {
|
2023-02-11 15:47:03 +00:00
|
|
|
Start()
|
2022-05-02 01:51:38 +00:00
|
|
|
Close()
|
2023-02-11 15:47:03 +00:00
|
|
|
IsClosing() bool
|
|
|
|
SetTimeout(timeout time.Duration)
|
|
|
|
|
|
|
|
TLSConnectionState() (state tls.ConnectionState, ok bool)
|
2022-05-02 01:51:38 +00:00
|
|
|
StartTLS(config *tls.Config) (err error)
|
|
|
|
|
2023-02-11 15:47:03 +00:00
|
|
|
Unbind() (err error)
|
2022-05-10 04:38:36 +00:00
|
|
|
Bind(username, password string) (err error)
|
2023-02-11 15:47:03 +00:00
|
|
|
SimpleBind(simpleBindRequest *ldap.SimpleBindRequest) (bindResult *ldap.SimpleBindResult, err error)
|
|
|
|
MD5Bind(host string, username string, password string) (err error)
|
|
|
|
DigestMD5Bind(digestMD5BindRequest *ldap.DigestMD5BindRequest) (digestMD5BindResult *ldap.DigestMD5BindResult, err error)
|
2022-06-17 11:03:47 +00:00
|
|
|
UnauthenticatedBind(username string) (err error)
|
2023-02-11 15:47:03 +00:00
|
|
|
ExternalBind() (err error)
|
2022-05-02 01:51:38 +00:00
|
|
|
|
|
|
|
Modify(modifyRequest *ldap.ModifyRequest) (err error)
|
2023-02-11 15:47:03 +00:00
|
|
|
ModifyWithResult(modifyRequest *ldap.ModifyRequest) (modifyResult *ldap.ModifyResult, err error)
|
|
|
|
ModifyDN(m *ldap.ModifyDNRequest) (err error)
|
2022-05-10 04:38:36 +00:00
|
|
|
PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) (pwdModifyResult *ldap.PasswordModifyResult, err error)
|
|
|
|
|
2023-02-11 15:47:03 +00:00
|
|
|
Add(addRequest *ldap.AddRequest) (err error)
|
|
|
|
Del(delRequest *ldap.DelRequest) (err error)
|
|
|
|
|
2022-05-10 04:38:36 +00:00
|
|
|
Search(searchRequest *ldap.SearchRequest) (searchResult *ldap.SearchResult, err error)
|
2023-02-11 15:47:03 +00:00
|
|
|
SearchWithPaging(searchRequest *ldap.SearchRequest, pagingSize uint32) (searchResult *ldap.SearchResult, err error)
|
|
|
|
Compare(dn string, attribute string, value string) (same bool, err error)
|
|
|
|
|
|
|
|
WhoAmI(controls []ldap.Control) (whoamiResult *ldap.WhoAmIResult, err error)
|
2022-05-02 01:51:38 +00:00
|
|
|
}
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
// UserDetails represent the details retrieved for a given user.
|
|
|
|
type UserDetails struct {
|
2020-06-19 10:50:21 +00:00
|
|
|
Username string
|
|
|
|
DisplayName string
|
|
|
|
Emails []string
|
|
|
|
Groups []string
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
2022-05-02 01:51:38 +00:00
|
|
|
|
2022-07-18 00:56:09 +00:00
|
|
|
// Addresses returns the Emails []string as []mail.Address formatted with DisplayName as the Name attribute.
|
|
|
|
func (d UserDetails) Addresses() (addresses []mail.Address) {
|
|
|
|
if len(d.Emails) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
addresses = make([]mail.Address, len(d.Emails))
|
|
|
|
|
|
|
|
for i, email := range d.Emails {
|
|
|
|
addresses[i] = mail.Address{
|
|
|
|
Name: d.DisplayName,
|
|
|
|
Address: email,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return addresses
|
|
|
|
}
|
|
|
|
|
2022-05-02 01:51:38 +00:00
|
|
|
type ldapUserProfile struct {
|
|
|
|
DN string
|
|
|
|
Emails []string
|
|
|
|
DisplayName string
|
|
|
|
Username string
|
|
|
|
}
|
|
|
|
|
2022-05-10 04:38:36 +00:00
|
|
|
// LDAPSupportedFeatures represents features which a server may support which are implemented in code.
|
|
|
|
type LDAPSupportedFeatures struct {
|
|
|
|
Extensions LDAPSupportedExtensions
|
|
|
|
ControlTypes LDAPSupportedControlTypes
|
|
|
|
}
|
|
|
|
|
|
|
|
// LDAPSupportedExtensions represents extensions which a server may support which are implemented in code.
|
|
|
|
type LDAPSupportedExtensions struct {
|
|
|
|
TLS bool
|
|
|
|
PwdModifyExOp bool
|
|
|
|
}
|
|
|
|
|
|
|
|
// LDAPSupportedControlTypes represents control types which a server may support which are implemented in code.
|
|
|
|
type LDAPSupportedControlTypes struct {
|
|
|
|
MsftPwdPolHints bool
|
|
|
|
MsftPwdPolHintsDeprecated bool
|
|
|
|
}
|
|
|
|
|
2022-05-02 01:51:38 +00:00
|
|
|
var utf16LittleEndian = unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
|