Commit 888a43c8 authored by ale's avatar ale

Add a config toggle to control base64-encoding of keys

parent 29268777
Pipeline #807 passed with stages
in 45 seconds
...@@ -19,6 +19,10 @@ type Config struct { ...@@ -19,6 +19,10 @@ type Config struct {
Shard string `yaml:"shard"` Shard string `yaml:"shard"`
LDAPConfig *backend.LDAPConfig `yaml:"ldap"` LDAPConfig *backend.LDAPConfig `yaml:"ldap"`
Keystore *clientutil.BackendConfig `yaml:"keystore"` Keystore *clientutil.BackendConfig `yaml:"keystore"`
// Set this to true if the keys obtained from the backend need
// to be base64-encoded before being sent to Dovecot.
Base64Encode bool `yaml:"base64_encode_results"`
} }
// Database represents the interface to the underlying backend for // Database represents the interface to the underlying backend for
...@@ -55,6 +59,7 @@ type KeyLookupProxy struct { ...@@ -55,6 +59,7 @@ type KeyLookupProxy struct {
db Database db Database
} }
// NewKeyLookupProxy returns a KeyLookupProxy with the specified configuration.
func NewKeyLookupProxy(config *Config) (*KeyLookupProxy, error) { func NewKeyLookupProxy(config *Config) (*KeyLookupProxy, error) {
if err := config.check(); err != nil { if err := config.check(); err != nil {
return nil, err return nil, err
...@@ -110,7 +115,7 @@ func (s *KeyLookupProxy) lookupUserdb(ctx context.Context, username string) (int ...@@ -110,7 +115,7 @@ func (s *KeyLookupProxy) lookupUserdb(ctx context.Context, username string) (int
return nil, false, nil return nil, false, nil
} }
log.Printf("userdb lookup for %s", username) log.Printf("userdb lookup for %s", username)
return &userdbResponse{PublicKey: b64encode(pub)}, true, nil return &userdbResponse{PublicKey: s.b64encode(pub)}, true, nil
} }
func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password string) (interface{}, bool, error) { func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password string) (interface{}, bool, error) {
...@@ -119,7 +124,7 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st ...@@ -119,7 +124,7 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
priv, err := s.keystore.Get(ctx, s.config.Shard, username, password) priv, err := s.keystore.Get(ctx, s.config.Shard, username, password)
if err == nil { if err == nil {
log.Printf("passdb lookup for %s (from keystore)", username) log.Printf("passdb lookup for %s (from keystore)", username)
return &passdbResponse{PrivateKey: b64encode(priv)}, true, nil return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
} }
// Otherwise, fetch encrypted keys from the db and attempt to // Otherwise, fetch encrypted keys from the db and attempt to
...@@ -138,9 +143,12 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st ...@@ -138,9 +143,12 @@ func (s *KeyLookupProxy) lookupPassdb(ctx context.Context, username, password st
return nil, false, err return nil, false, err
} }
log.Printf("passdb lookup for %s (decrypted)", username) log.Printf("passdb lookup for %s (decrypted)", username)
return &passdbResponse{PrivateKey: b64encode(priv)}, true, nil return &passdbResponse{PrivateKey: s.b64encode(priv)}, true, nil
} }
func b64encode(b []byte) string { func (s *KeyLookupProxy) b64encode(b []byte) string {
return base64.StdEncoding.EncodeToString(b) if s.config.Base64Encode {
return base64.StdEncoding.EncodeToString(b)
}
return string(b)
} }
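Review bot: `Base64Encode` has a zero value of false, so a configuration written before this commit that omits `base64_encode_results` silently switches from base64 output to raw key bytes in both `lookupUserdb` and `lookupPassdb`; the old `b64encode` always encoded. Either make the zero value preserve the previous behaviour or state the change on the field, e.g. `// Defaults to false: configs that predate this option must set base64_encode_results: true to keep the previous output.` The helper also keeps the name `b64encode` although it now returns `string(b)` unchanged when the toggle is off; a neutral name such as `encodeKey` would stop readers assuming the result is always base64. If the backend ever returns binary (non-text) key material, the `string(b)` path may not survive whatever serialisation the response structs go through, which is not visible in this section and is worth confirming with a test that covers both toggle values.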