cmd/syncthing: Add LDAP authentication for GUI (fixes #5163) (#5169)

lib/config/authmode.go

@@ -0,0 +1,41 @@
+// Copyright (C) 2018 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package config
+
+type AuthMode int
+
+const (
+	AuthModeStatic AuthMode = iota // default is static
+	AuthModeLDAP
+)
+
+func (t AuthMode) String() string {
+	switch t {
+	case AuthModeStatic:
+		return "static"
+	case AuthModeLDAP:
+		return "ldap"
+	default:
+		return "unknown"
+	}
+}
+
+func (t AuthMode) MarshalText() ([]byte, error) {
+	return []byte(t.String()), nil
+}
+
+func (t *AuthMode) UnmarshalText(bs []byte) error {
+	switch string(bs) {
+	case "ldap":
+		*t = AuthModeLDAP
+	case "static":
+		*t = AuthModeStatic
+	default:
+		*t = AuthModeStatic
+	}
+	return nil
+}

lib/config/config.go

@@ -129,6 +129,7 @@ type Configuration struct {
 	Folders        []FolderConfiguration `xml:"folder" json:"folders"`
 	Devices        []DeviceConfiguration `xml:"device" json:"devices"`
 	GUI            GUIConfiguration      `xml:"gui" json:"gui"`
+	LDAP           LDAPConfiguration     `xml:"ldap" json:"ldap"`
 	Options        OptionsConfiguration  `xml:"options" json:"options"`
 	IgnoredDevices []ObservedDevice      `xml:"remoteIgnoredDevice" json:"remoteIgnoredDevices"`
 	PendingDevices []ObservedDevice      `xml:"pendingDevice" json:"pendingDevices"`

lib/config/guiconfiguration.go

@@ -13,17 +13,22 @@ import (
 )
 
 type GUIConfiguration struct {
-	Enabled                   bool   `xml:"enabled,attr" json:"enabled" default:"true"`
-	RawAddress                string `xml:"address" json:"address" default:"127.0.0.1:8384"`
-	User                      string `xml:"user,omitempty" json:"user"`
-	Password                  string `xml:"password,omitempty" json:"password"`
-	RawUseTLS                 bool   `xml:"tls,attr" json:"useTLS"`
-	APIKey                    string `xml:"apikey,omitempty" json:"apiKey"`
-	InsecureAdminAccess       bool   `xml:"insecureAdminAccess,omitempty" json:"insecureAdminAccess"`
-	Theme                     string `xml:"theme" json:"theme" default:"default"`
-	Debugging                 bool   `xml:"debugging,attr" json:"debugging"`
-	InsecureSkipHostCheck     bool   `xml:"insecureSkipHostcheck,omitempty" json:"insecureSkipHostcheck"`
-	InsecureAllowFrameLoading bool   `xml:"insecureAllowFrameLoading,omitempty" json:"insecureAllowFrameLoading"`
+	Enabled                   bool     `xml:"enabled,attr" json:"enabled" default:"true"`
+	RawAddress                string   `xml:"address" json:"address" default:"127.0.0.1:8384"`
+	User                      string   `xml:"user,omitempty" json:"user"`
+	Password                  string   `xml:"password,omitempty" json:"password"`
+	AuthMode                  AuthMode `xml:"authMode,omitempty" json:"authMode"`
+	RawUseTLS                 bool     `xml:"tls,attr" json:"useTLS"`
+	APIKey                    string   `xml:"apikey,omitempty" json:"apiKey"`
+	InsecureAdminAccess       bool     `xml:"insecureAdminAccess,omitempty" json:"insecureAdminAccess"`
+	Theme                     string   `xml:"theme" json:"theme" default:"default"`
+	Debugging                 bool     `xml:"debugging,attr" json:"debugging"`
+	InsecureSkipHostCheck     bool     `xml:"insecureSkipHostcheck,omitempty" json:"insecureSkipHostcheck"`
+	InsecureAllowFrameLoading bool     `xml:"insecureAllowFrameLoading,omitempty" json:"insecureAllowFrameLoading"`
+}
+
+func (c GUIConfiguration) IsAuthEnabled() bool {
+	return c.AuthMode == AuthModeLDAP || (len(c.User) > 0 && len(c.Password) > 0)
 }
 
 func (c GUIConfiguration) Address() string {

lib/config/ldapconfiguration.go

@@ -0,0 +1,18 @@
+// Copyright (C) 2018 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package config
+
+type LDAPConfiguration struct {
+	Address            string        `xml:"address,omitempty" json:"addresd"`
+	BindDN             string        `xml:"bindDN,omitempty" json:"bindDN"`
+	Transport          LDAPTransport `xml:"transport,omitempty" json:"transport"`
+	InsecureSkipVerify bool          `xml:"insecureSkipVerify,omitempty" json:"insecureSkipVerify" default:"false"`
+}
+
+func (c LDAPConfiguration) Copy() LDAPConfiguration {
+	return c
+}

lib/config/ldaptransport.go

@@ -0,0 +1,46 @@
+// Copyright (C) 2018 The Syncthing Authors.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package config
+
+type LDAPTransport int
+
+const (
+	LDAPTransportPlain LDAPTransport = iota // default is plain
+	LDAPTransportTLS
+	LDAPTransportStartTLS
+)
+
+func (t LDAPTransport) String() string {
+	switch t {
+	case LDAPTransportPlain:
+		return "plain"
+	case LDAPTransportTLS:
+		return "tls"
+	case LDAPTransportStartTLS:
+		return "starttls"
+	default:
+		return "unknown"
+	}
+}
+
+func (t LDAPTransport) MarshalText() ([]byte, error) {
+	return []byte(t.String()), nil
+}
+
+func (t *LDAPTransport) UnmarshalText(bs []byte) error {
+	switch string(bs) {
+	case "plain":
+		*t = LDAPTransportPlain
+	case "tls":
+		*t = LDAPTransportTLS
+	case "starttls":
+		*t = LDAPTransportStartTLS
+	default:
+		*t = LDAPTransportPlain
+	}
+	return nil
+}

lib/config/wrapper.go

@@ -305,6 +305,12 @@ func (w *Wrapper) SetOptions(opts OptionsConfiguration) (Waiter, error) {
 	return w.replaceLocked(newCfg)
 }
 
+func (w *Wrapper) LDAP() LDAPConfiguration {
+	w.mut.Lock()
+	defer w.mut.Unlock()
+	return w.cfg.LDAP.Copy()
+}
+
 // GUI returns the current GUI configuration object.
 func (w *Wrapper) GUI() GUIConfiguration {
 	w.mut.Lock()