improve maintainability and license compliance

0. Maximum parity with upstream code 1. Added Apache-required modification notices 2. Added Apache license
2020-02-11 16:09:43 -05:00 · 2020-02-11 16:09:43 -05:00 · 0c2d8adeac
commit 0c2d8adeac
parent c13597f807
7 changed files with 551 additions and 250 deletions
--- a/irc/ldap/config.go
+++ b/irc/ldap/config.go
@ -1,19 +1,21 @@
-// Copyright (c) 2020 Matt Ouille
-// Copyright (c) 2020 Shivaram Lingamneni
-// released under the MIT license
+// Copyright 2014-2018 Grafana Labs
+// Released under the Apache 2.0 license

-// Portions of this code copyright Grafana Labs and contributors
-// and released under the Apache 2.0 license
+// Modification notice:
+// 1. All field names were changed from toml and snake case to yaml and kebab case,
+//    matching the Oragono project conventions
+// 2. Two fields were added: `Autocreate` and `Timeout`
+
+// XXX: none of AttributeMap does anything in oragono, except MemberOf,
+// which can be used to retrieve group memberships

 package ldap

 import (
-	"fmt"
-	"strings"
 	"time"
 )

-type LDAPConfig struct {
+type ServerConfig struct {
 	Enabled    bool
 	Autocreate bool

@ -22,7 +24,7 @@ type LDAPConfig struct {
 	Timeout       time.Duration
 	UseSSL        bool   `yaml:"use-ssl"`
 	StartTLS      bool   `yaml:"start-tls"`
-	SkipTLSVerify bool   `yaml:"skip-tls-verify"`
+	SkipVerifySSL bool   `yaml:"ssl-skip-verify"`
 	RootCACert    string `yaml:"root-ca-cert"`
 	ClientCert    string `yaml:"client-cert"`
 	ClientKey     string `yaml:"client-key"`
@ -35,29 +37,22 @@ type LDAPConfig struct {
 	// user validation: require them to be in any one of these groups
 	RequireGroups []string `yaml:"require-groups"`

-	// two ways of testing group membership: either via an attribute
-	// of the user's DN, typically named 'memberOf', but customizable:
-	MemberOfAttribute string `yaml:"member-of-attribute"`
-	// or by searching for groups that match the user's DN
+	// two ways of testing group membership:
+	// either by searching for groups that match the user's DN
 	// and testing their names:
 	GroupSearchFilter              string   `yaml:"group-search-filter"`
 	GroupSearchFilterUserAttribute string   `yaml:"group-search-filter-user-attribute"`
 	GroupSearchBaseDNs             []string `yaml:"group-search-base-dns"`
+
+	// or by an attribute on the user's DN, typically named 'memberOf', but customizable:
+	Attr AttributeMap `yaml:"attributes"`
 }

-// shouldAdminBind checks if we should use
-// admin username & password for LDAP bind
-func (config *LDAPConfig) shouldAdminBind() bool {
-	return config.BindPassword != ""
-}
-
-// shouldSingleBind checks if we can use "single bind" approach
-func (config *LDAPConfig) shouldSingleBind() bool {
-	return strings.Contains(config.BindDN, "%s")
-}
-
-// singleBindDN combines the bind with the username
-// in order to get the proper path
-func (config *LDAPConfig) singleBindDN(username string) string {
-	return fmt.Sprintf(config.BindDN, username)
+// AttributeMap is a struct representation for LDAP "attributes" setting
+type AttributeMap struct {
+	Username string
+	Name     string
+	Surname  string
+	Email    string
+	MemberOf string `yaml:"member-of"`
 }