Skip to content

K
keystore
Commit 888a43c8 authored by ale's avatar ale
Browse files
Options

Add a config toggle to control base64-encoding of keys

parent 29268777
Pipeline #807 passed with stages
        in 45 seconds
        Hide whitespace changes
        Inline Side-by-side
        Showing with 13 additions and 5 deletions
        dovecot/keyproxy.go
        View file @ 888a43c8
        ......@@ -19,6 +19,10 @@ type Config struct {
        Shard string `yaml:"shard"`
        LDAPConfig *backend.LDAPConfig `yaml:"ldap"`
        Keystore *clientutil.BackendConfig `yaml:"keystore"`
        // Set this to true if the keys obtained from the backend need
        // to be base64-encoded before being sent to Dovecot.
        Base64Encode bool `yaml:"base64_encode_results"`
        }
        // Database represents the interface to the underlying backend for
        ......@@ -55,6 +59,7 @@ type KeyLookupProxy struct {
        db Database
        }
        // NewKeyLookupProxy returns a KeyLookupProxy with the specified configuration.
        func NewKeyLookupProxy(config *Config) (*KeyLookupProxy, error) {
        if err := config.check(); err != nil {
        return nil, err
        ......@@ -110,7 +115,7 @@ func (s *KeyLookupProxy) lookupUserdb(ctx context.Context, username string) (int
        return nil, false, nil
        }
        log.Printf("userdb lookup for %s", username)
        return &userdbResponse{PublicKey: b64encode(pub)}, true, nil
        return &userdbResponse{PublicKey: s.b64encode(pub)}, true, nil
        }
        func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password string) (interface{}, bool, error) {
        ......@@ -119,7 +124,7 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
        priv, err := s.keystore.Get(ctx, s.config.Shard, username, password)
        if err == nil {
        log.Printf("passdb lookup for %s (from keystore)", username)
        return &passdbResponse{PrivateKey: b64encode(priv)}, true, nil
        return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
        }
        // Otherwise, fetch encrypted keys from the db and attempt to
        ......@@ -138,9 +143,12 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
        return nil, false, err
        }
        log.Printf("passdb lookup for %s (decrypted)", username)
        return &passdbResponse{PrivateKey: b64encode(priv)}, true, nil
        return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
        }
        func b64encode(b []byte) string {
        return base64.StdEncoding.EncodeToString(b)
        func (s *KeyLookupProxy) b64encode(b []byte) string {
        if s.config.Base64Encode {
        return base64.StdEncoding.EncodeToString(b)
        }
        return string(b)
        }
        Markdown is supported
        0% or
        You are about to add 0 people to the discussion. Proceed with caution.
        Finish editing this message first!
        Please register or to comment