Skip to content

GitLab

Commit 888a43c8 authored by ale's avatar ale
Browse files

Add a config toggle to control base64-encoding of keys

parent 29268777
Hide whitespace changes
Inline Side-by-side
dovecot/keyproxy.go
View file @ 888a43c8
......@@ -19,6 +19,10 @@ type Config struct {
Shard string `yaml:"shard"`
LDAPConfig *backend.LDAPConfig `yaml:"ldap"`
Keystore *clientutil.BackendConfig `yaml:"keystore"`
// Set this to true if the keys obtained from the backend need
// to be base64-encoded before being sent to Dovecot.
Base64Encode bool `yaml:"base64_encode_results"`
}
// Database represents the interface to the underlying backend for
......@@ -55,6 +59,7 @@ type KeyLookupProxy struct {
db Database
}
// NewKeyLookupProxy returns a KeyLookupProxy with the specified configuration.
func NewKeyLookupProxy(config *Config) (*KeyLookupProxy, error) {
if err := config.check(); err != nil {
return nil, err
......@@ -110,7 +115,7 @@ func (s *KeyLookupProxy) lookupUserdb(ctx context.Context, username string) (int
return nil, false, nil
}
log.Printf("userdb lookup for %s", username)
return &userdbResponse{PublicKey: b64encode(pub)}, true, nil
return &userdbResponse{PublicKey: s.b64encode(pub)}, true, nil
}
func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password string) (interface{}, bool, error) {
......@@ -119,7 +124,7 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
priv, err := s.keystore.Get(ctx, s.config.Shard, username, password)
if err == nil {
log.Printf("passdb lookup for %s (from keystore)", username)
return &passdbResponse{PrivateKey: b64encode(priv)}, true, nil
return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
}
// Otherwise, fetch encrypted keys from the db and attempt to
......@@ -138,9 +143,12 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
return nil, false, err
}
log.Printf("passdb lookup for %s (decrypted)", username)
return &passdbResponse{PrivateKey: b64encode(priv)}, true, nil
return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
}
func b64encode(b []byte) string {
return base64.StdEncoding.EncodeToString(b)
func (s *KeyLookupProxy) b64encode(b []byte) string {
if s.config.Base64Encode {
return base64.StdEncoding.EncodeToString(b)
}
return string(b)
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment