Security protocols

Author: strk

models/login_source.go

@@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
 }
 
 var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
-	ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
-	ldap.SECURITY_PROTOCOL_LDAPS:       "LDAPS",
-	ldap.SECURITY_PROTOCOL_START_TLS:   "StartTLS",
+	ldap.SecurityProtocolUnencrypted: "Unencrypted",
+	ldap.SecurityProtocolLdaps:       "LDAPS",
+	ldap.SecurityProtocolStartTls:   "StartTLS",
 }
 
 // Ensure structs implemented interface.
@@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
 
 func (source *LoginSource) HasTLS() bool {
 	return ((source.IsLDAP() || source.IsDLDAP()) &&
-		source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
+		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
 		source.IsSMTP()
 }
 
 func (source *LoginSource) UseTLS() bool {
 	switch source.Type {
 	case LoginLdap, LoginDldap:
-		return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
+		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
 	case LoginSmtp:
 		return source.SMTP().TLS
 	}

modules/auth/ldap/ldap.go

@@ -20,9 +20,9 @@ type SecurityProtocol int
 
 // Note: new type must be added at the end of list to maintain compatibility.
 const (
-	SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota
-	SECURITY_PROTOCOL_LDAPS
-	SECURITY_PROTOCOL_START_TLS
+	SecurityProtocolUnencrypted SecurityProtocol = iota
+	SecurityProtocolLdaps
+	SecurityProtocolStartTls
 )
 
 // Basic LDAP authentication service
@@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
 		ServerName:         ls.Host,
 		InsecureSkipVerify: ls.SkipVerify,
 	}
-	if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS {
+	if ls.SecurityProtocol == SecurityProtocolLdaps {
 		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
 	}
 
@@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
 		return nil, fmt.Errorf("Dial: %v", err)
 	}
 
-	if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS {
+	if ls.SecurityProtocol == SecurityProtocolStartTls {
 		if err = conn.StartTLS(tlsCfg); err != nil {
 			conn.Close()
 			return nil, fmt.Errorf("StartTLS: %v", err)

routers/admin/auths.go

@@ -54,9 +54,9 @@ var (
 		{models.LoginNames[models.LoginPam], models.LoginPam},
 	}
 	securityProtocols = []dropdownItem{
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
+		{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
+		{models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
+		{models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
 	}
 )
 
@@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
 
 	ctx.Data["type"] = models.LoginLdap
 	ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
-	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
+	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
 	ctx.Data["smtp_auth"] = "PLAIN"
 	ctx.Data["is_active"] = true
 	ctx.Data["AuthSources"] = authSources
@@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 	switch models.LoginType(form.Type) {
 	case models.LoginLdap, models.LoginDldap:
 		config = parseLDAPConfig(form)
-		hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
+		hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
 	case models.LoginSmtp:
 		config = parseSMTPConfig(form)
 		hasTLS = true