Commit 4699068f authored by ale's avatar ale

Add U2F registrations support to the LDAP backend

parent 72bc4233
...@@ -8,6 +8,7 @@ import ( ...@@ -8,6 +8,7 @@ import (
"strings" "strings"
ldaputil "git.autistici.org/ai3/go-common/ldap" ldaputil "git.autistici.org/ai3/go-common/ldap"
"github.com/tstranex/u2f"
"gopkg.in/ldap.v2" "gopkg.in/ldap.v2"
) )
...@@ -108,6 +109,7 @@ func (c *LDAPServiceConfig) userFromResponse(username string, result *ldap.Searc ...@@ -108,6 +109,7 @@ func (c *LDAPServiceConfig) userFromResponse(username string, result *ldap.Searc
EncryptedPassword: []byte(dropCryptPrefix(getStringFromLDAPEntry(entry, c.Attrs["password"]))), EncryptedPassword: []byte(dropCryptPrefix(getStringFromLDAPEntry(entry, c.Attrs["password"]))),
TOTPSecret: getStringFromLDAPEntry(entry, c.Attrs["totp_secret"]), TOTPSecret: getStringFromLDAPEntry(entry, c.Attrs["totp_secret"]),
AppSpecificPasswords: decodeAppSpecificPasswordList(getListFromLDAPEntry(entry, c.Attrs["app_specific_password"])), AppSpecificPasswords: decodeAppSpecificPasswordList(getListFromLDAPEntry(entry, c.Attrs["app_specific_password"])),
U2FRegistrations: decodeU2FRegistrationList(getListFromLDAPEntry(entry, c.Attrs["u2f_registrations"])),
} }
return &u, true return &u, true
...@@ -155,6 +157,24 @@ func decodeAppSpecificPassword(enc string) (*AppSpecificPassword, error) { ...@@ -155,6 +157,24 @@ func decodeAppSpecificPassword(enc string) (*AppSpecificPassword, error) {
}, nil }, nil
} }
func decodeU2FRegistration(enc string) (u2f.Registration, error) {
var reg u2f.Registration
if err := reg.UnmarshalBinary([]byte(enc)); err != nil {
return reg, err
}
return reg, nil
}
func decodeU2FRegistrationList(encRegs []string) []u2f.Registration {
var out []u2f.Registration
for _, enc := range encRegs {
if r, err := decodeU2FRegistration(enc); err == nil {
out = append(out, r)
}
}
return out
}
// LDAPConfig holds the global configuration for the LDAP user backend. // LDAPConfig holds the global configuration for the LDAP user backend.
type LDAPConfig struct { type LDAPConfig struct {
URI string `yaml:"uri"` URI string `yaml:"uri"`
......
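Review bot: `decodeU2FRegistrationList` silently discards every value for which `decodeU2FRegistration` returns an error, so a corrupted or truncated `u2f_registrations` attribute leaves the user with fewer registrations, possibly none, and nothing records that this happened. How an empty `U2FRegistrations` slice is treated is decided outside this page; it is worth confirming that an account whose stored registrations all fail to decode is not handled as a password-only account. At minimum the failure should be visible to operators, for example by replacing the bare `if` with `r, err := decodeU2FRegistration(enc)` followed by `if err != nil { log.Printf("ldap: skipping undecodable U2F registration: %v", err); continue }`, logging only the error and not the raw attribute value. The visible part of the import block does not show `log`, so that import may need adding as well.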