Remove "glauth" service

The "glauth" service is no longer used now that we have switched to
libregraph/idm.
Ralf Haferkamp
2022-05-04 12:34:22 +02:00
committed by Ralf Haferkamp
parent e3ddf3f17a
commit 5ba1b8f2c1
52 changed files with 10 additions and 2152 deletions


@@ -52,7 +52,6 @@ config = {
"extensions/auth-machine",
"extensions/frontend",
"extensions/gateway",
"extensions/glauth",
"extensions/graph-explorer",
"extensions/graph",
"extensions/groups",
@@ -1717,7 +1716,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"SHARING_USER_OWNCLOUDSQL_DB_PORT": 3306,
"SHARING_USER_OWNCLOUDSQL_DB_NAME": "owncloud",
# General oCIS config
# OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services
# OCIS_RUN_EXTENSIONS specifies to start all extensions except idm, idp and accounts. These are replaced by external services
"OCIS_RUN_EXTENSIONS": "app-registry,app-provider,audit,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav",
"OCIS_LOG_LEVEL": "info",
"OCIS_URL": OCIS_URL,
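Review bot: The reworded comment above `OCIS_RUN_EXTENSIONS` still describes the value as "all extensions except …", but the value is a hand-maintained allow-list, so an extension added later will silently not start in this pipeline and the comment will drift again. Because the omitted entries are the identity services (idm, idp, accounts), it is worth stating the intent explicitly, for example `# OCIS_RUN_EXTENSIONS is an explicit allow-list; idm, idp and accounts are omitted because external services provide them in this setup`. The same comment is changed in the compose hunk `@@ -119,7 +119,7 @@ services:` and would benefit from the same wording. The body of ocisServer continues outside the hunk.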

2
.vscode/launch.json vendored

@@ -22,7 +22,7 @@
// demo users
"IDM_CREATE_DEMO_USERS": "true",
// OCIS_RUN_EXTENSIONS allows to start a subset of extensions even in the supervised mode
//"OCIS_RUN_EXTENSIONS": "settings,storage-system,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,auth-bearer,storage-authmachine,storage-users,storage-shares,storage-publiclink,app-provider,sharing,accounts,proxy,ocdav",
//"OCIS_RUN_EXTENSIONS": "settings,storage-system,graph,graph-explorer,idp,idm,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,auth-bearer,storage-authmachine,storage-users,storage-shares,storage-publiclink,app-provider,sharing,accounts,proxy,ocdav",
/*
* Keep secrets and passwords in one block to allow easy uncommenting


@@ -25,7 +25,6 @@ OCIS_MODULES = \
extensions/auth-machine \
extensions/frontend \
extensions/gateway \
extensions/glauth \
extensions/graph \
extensions/graph-explorer \
extensions/groups \


@@ -119,7 +119,7 @@ services:
# ownCloud storage readonly
OCIS_STORAGE_READ_ONLY: "false" # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
# General oCIS config
# OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services
# OCIS_RUN_EXTENSIONS specifies to start all extensions except idm, idp and accounts. These are replaced by external services
OCIS_RUN_EXTENSIONS: app-registry,app-provider,audit,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}


@@ -19,14 +19,6 @@ services:
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
glauth:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
GLAUTH_DEBUG_ADDR: 0.0.0.0:9129
idp:
environment:
# tracing


@@ -1 +0,0 @@
grpc.md


@@ -1,13 +0,0 @@
---
title: "GLAuth"
date: 2018-05-02T00:00:00+00:00
weight: 20
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/extensions/glauth
geekdocFilePath: _index.md
geekdocCollapseSection: true
---
This service provides a [glauth](https://github.com/glauth/glauth) based LDAP proxy for oCIS which can be used by clients or other extensions. It allows applications relying on LDAP to access the accounts stored in the oCIS accounts service. It can be used to make firewalls or identity providers aware of all users, including guest accounts.
We are using it to make eos aware of all accounts so the native ACLs can be used to persist share information in the storage.


@@ -1,16 +0,0 @@
---
title: "Configuration Hints"
date: 2018-05-02T00:00:00+00:00
weight: 20
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/extensions/glauth
geekdocFilePath: configuration-hints.md
---
{{< toc >}}
## Configuration hints
The default setup does not use a fallback backend. It can be enabled by setting the `GLAUTH_FALLBACK_DATASTORE` environment variable.
When using `owncloud` make sure to use the full URL to the [ownCloud 10 graph api app](https://github.com/owncloud/graphapi) endpoint, e.g.: `GLAUTH_FALLBACK_SERVERS="https://demo.owncloud.com/apps/graphapi/v1.0"`


@@ -1,15 +0,0 @@
---
title: Service Configuration
date: 2018-05-02T00:00:00+00:00
weight: 20
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/extensions/glauth
geekdocFilePath: configuration.md
geekdocCollapseSection: true
---
## Example YAML Config
{{< include file="extensions/_includes/glauth-config-example.yaml" language="yaml" >}}
{{< include file="extensions/_includes/glauth_configvars.md" >}}


@@ -30,7 +30,7 @@ We also suggest to use the last port in your extensions' range as a debug/metric
| 9110-9114 | [ocs](https://github.com/owncloud/ocis/tree/master/ocs) |
| 9115-9119 | [webdav](https://github.com/owncloud/ocis/tree/master/webdav) |
| 9120-9124 | [graph](https://github.com/owncloud/ocis/tree/master/graph) |
| 9125-9129 | [glauth](https://github.com/owncloud/ocis/tree/master/devldap) |
| 9125-9129 | FREE (formerly used by glauth) |
| 9130-9134 | [konnectd](https://github.com/owncloud/ocis/tree/master/konnectd) |
| 9135-9139 | [graph-explorer](https://github.com/owncloud/ocis/tree/master/graph-explorer) |
| 9140-9179 | [reva/storage](https://github.com/owncloud/ocis/tree/master/storage) |
@@ -45,7 +45,7 @@ We also suggest to use the last port in your extensions' range as a debug/metric
| 9220-9224 | search |
| 9225-9229 | photoprism (state: PoC) |
| 9230-9234 | [nats](https://github.com/owncloud/ocis/tree/master/nats) |
| 9235-9239 | idm TBD |
| 9235-9239 | [idm](https://github.com/owncloud/ocis/tree/master/proxy) |
| 9240-9244 | [app-registry](https://github.com/owncloud/ocis/tree/master/extensions/app-registry) |
| 9245-9249 | FREE |
| 9250-9254 | oCIS Runtime |


@@ -118,7 +118,6 @@ The *minimal* storage driver for a POSIX based filesystem. It literally supports
- grant persistence
- using POSIX ACLs
- requires an LDAP server to make guest accounts available in the OS
- oCIS has glauth which contains all users
- an existing LDAP could be used if guests ar provisioned in another way
- using extended attributes to implement expiry or sharing that does not require OS level integration
- fuse filesystem overlay


@@ -54,7 +54,7 @@ We use [ocis-pkg](https://github.com/owncloud/ocis/tree/master/ocis-pkg) to conf
A lot of embedded services in oCIS are built upon the [REVA](https://reva.link/) runtime. We decided to bundle some of the [CS3 services](https://github.com/cs3org/cs3apis) to logically group them. A [home storage provider](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/storagehome.go#L93-L108), which is dealing with [metadata](https://cs3org.github.io/cs3apis/#cs3.storage.provider.v1beta1.ProviderAPI), and the corresponding [data provider](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/storagehome.go#L109-L123), which is dealing with [up and download](https://cs3org.github.io/cs3apis/#cs3.gateway.v1beta1.FileUploadProtocol), are one example. The [frontend](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go) with the [oc flavoured webdav](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go#L132-L138), [ocs handlers](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go#L139-L148) and a [data-gateway](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go#L126-L131) are another.
### Protocol driven development
Interacting with oCIS involves a multitude af APIs. The server and all clients rely on [OpenID Connect](https://openid.net/connect/) for authentication. The [embedded LibreGraph Connect](https://github.com/owncloud/ocis/tree/master/idp) can be replaced with any other OpenID Connect Identity Provider. Clients use the [WebDAV](http://webdav.org/) based [oc sync protocol](https://github.com/cernbox/smashbox/blob/master/protocol/protocol.md) to manage files and folders, [ocs to manage shares](https://doc.owncloud.com/server/developer_manual/core/apis/ocs-share-api.html) and [TUS](https://tus.io/protocols/resumable-upload.html) to upload files in a resumable way. On the server side [REVA](https://reva.link/) is the reference implementation of the [CS3 apis](https://github.com/cs3org/cs3apis) which is defined using [protobuf](https://developers.google.com/protocol-buffers/). By embedding [glauth](https://github.com/glauth/glauth/), oCIS provides a read-only [LDAP](https://tools.ietf.org/html/rfc2849) interface to make accounts, including guests available to firewalls and other systems. In the future, we are looking into [the Microsoft Graph API](https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0), which is based on [odata](http://docs.oasis-open.org/odata/odata/v4.0/odata-v4.0-part1-protocol.html), as a well-defined REST/JSON dialect for the existing endpoints.
Interacting with oCIS involves a multitude af APIs. The server and all clients rely on [OpenID Connect](https://openid.net/connect/) for authentication. The [embedded LibreGraph Connect](https://github.com/owncloud/ocis/tree/master/idp) can be replaced with any other OpenID Connect Identity Provider. Clients use the [WebDAV](http://webdav.org/) based [oc sync protocol](https://github.com/cernbox/smashbox/blob/master/protocol/protocol.md) to manage files and folders, [ocs to manage shares](https://doc.owncloud.com/server/developer_manual/core/apis/ocs-share-api.html) and [TUS](https://tus.io/protocols/resumable-upload.html) to upload files in a resumable way. On the server side [REVA](https://reva.link/) is the reference implementation of the [CS3 apis](https://github.com/cs3org/cs3apis) which is defined using [protobuf](https://developers.google.com/protocol-buffers/). By embedding [libregraph/idm](https://github.com/libregraph/idm), oCIS provides a [LDAP](https://tools.ietf.org/html/rfc2849) interface to make accounts, including guests available to firewalls and other systems. In the future, we are looking into [the Microsoft Graph API](https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0), which is based on [odata](http://docs.oasis-open.org/odata/odata/v4.0/odata-v4.0-part1-protocol.html), as a well-defined REST/JSON dialect for the existing endpoints.
### Acceptance test suite
We run a huge [test suite](https://github.com/owncloud/core/tree/master/tests), which originated in ownCloud 10 and continues to grow. A detailed description can be found in the developer docs for [testing]({{< ref "development/testing" >}}).


File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 96 KiB

After

Width:  |  Height:  |  Size: 70 KiB


File diff suppressed because one or more lines are too long

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 18 KiB


@@ -1,2 +0,0 @@
*
!bin/


@@ -1 +0,0 @@
data/


@@ -1,37 +0,0 @@
SHELL := bash
NAME := glauth
include ../../.make/recursion.mk
############ tooling ############
ifneq (, $(shell which go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI
include ../../.bingo/Variables.mk
endif
############ go tooling ############
include ../../.make/go.mk
############ release ############
include ../../.make/release.mk
############ docs generate ############
include ../../.make/docs.mk
.PHONY: docs-generate
docs-generate: config-docs-generate
############ generate ############
include ../../.make/generate.mk
.PHONY: ci-go-generate
ci-go-generate: # CI runs ci-node-generate automatically before this target
.PHONY: ci-node-generate
ci-node-generate:
############ licenses ############
.PHONY: ci-node-check-licenses
ci-node-check-licenses:
.PHONY: ci-node-save-licenses
ci-node-save-licenses:


@@ -1,14 +0,0 @@
package main
import (
"os"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/command"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config/defaults"
)
func main() {
if err := command.Execute(defaults.DefaultConfig()); err != nil {
os.Exit(1)
}
}


@@ -1,19 +0,0 @@
FROM amd64/alpine:latest
RUN apk update && \
apk upgrade && \
apk add ca-certificates mailcap && \
rm -rf /var/cache/apk/* && \
echo 'hosts: files dns' >| /etc/nsswitch.conf
LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
org.label-schema.name="oCIS GLAuth" \
org.label-schema.vendor="ownCloud GmbH" \
org.label-schema.schema-version="1.0"
EXPOSE 9120 9124
ENTRYPOINT ["/usr/bin/ocis-glauth"]
CMD ["server"]
COPY bin/ocis-glauth /usr/bin/ocis-glauth


@@ -1,19 +0,0 @@
FROM arm32v6/alpine:latest
RUN apk update && \
apk upgrade && \
apk add ca-certificates mailcap && \
rm -rf /var/cache/apk/* && \
echo 'hosts: files dns' >| /etc/nsswitch.conf
LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
org.label-schema.name="oCIS GLAuth" \
org.label-schema.vendor="ownCloud GmbH" \
org.label-schema.schema-version="1.0"
EXPOSE 9120 9124
ENTRYPOINT ["/usr/bin/ocis-glauth"]
CMD ["server"]
COPY bin/ocis-glauth /usr/bin/ocis-glauth


@@ -1,19 +0,0 @@
FROM arm64v8/alpine:latest
RUN apk update && \
apk upgrade && \
apk add ca-certificates mailcap && \
rm -rf /var/cache/apk/* && \
echo 'hosts: files dns' >| /etc/nsswitch.conf
LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
org.label-schema.name="oCIS GLAuth" \
org.label-schema.vendor="ownCloud GmbH" \
org.label-schema.schema-version="1.0"
EXPOSE 9120 9124
ENTRYPOINT ["/usr/bin/ocis-glauth"]
CMD ["server"]
COPY bin/ocis-glauth /usr/bin/ocis-glauth


@@ -1,22 +0,0 @@
image: owncloud/ocis-glauth:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}
{{/each}}
{{/if}}
manifests:
- image: owncloud/ocis-glauth:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
platform:
architecture: amd64
os: linux
- image: owncloud/ocis-glauth:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
platform:
architecture: arm64
variant: v8
os: linux
- image: owncloud/ocis-glauth:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
platform:
architecture: arm
variant: v6
os: linux


@@ -1,57 +0,0 @@
package command
import (
"fmt"
"net/http"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config/parser"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/logging"
"github.com/urfave/cli/v2"
)
// Health is the entrypoint for the health command.
func Health(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "health",
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)
resp, err := http.Get(
fmt.Sprintf(
"http://%s/healthz",
cfg.Debug.Addr,
),
)
if err != nil {
logger.Fatal().
Err(err).
Msg("Failed to request health check")
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
logger.Fatal().
Int("code", resp.StatusCode).
Msg("Health seems to be in bad state")
}
logger.Debug().
Int("code", resp.StatusCode).
Msg("Health got a good state")
return nil
},
}
}


@@ -1,64 +0,0 @@
package command
import (
"context"
"os"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/clihelper"
ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
"github.com/thejerf/suture/v4"
"github.com/urfave/cli/v2"
)
// GetCommands provides all commands for this service
func GetCommands(cfg *config.Config) cli.Commands {
return []*cli.Command{
// start this service
Server(cfg),
// interaction with this service
// infos about this service
Health(cfg),
Version(cfg),
}
}
// Execute is the entry point for the ocis-glauth command.
func Execute(cfg *config.Config) error {
app := clihelper.DefaultApp(&cli.App{
Name: "glauth",
Usage: "Serve GLAuth API for oCIS",
Commands: GetCommands(cfg),
})
cli.HelpFlag = &cli.BoolFlag{
Name: "help,h",
Usage: "Show the help",
}
return app.Run(os.Args)
}
// SutureService allows for the glauth command to be embedded and supervised by a suture supervisor tree.
type SutureService struct {
cfg *config.Config
}
// NewSutureService creates a new glauth.SutureService
func NewSutureService(cfg *ociscfg.Config) suture.Service {
cfg.GLAuth.Commons = cfg.Commons
return SutureService{
cfg: cfg.GLAuth,
}
}
func (s SutureService) Serve(ctx context.Context) error {
s.cfg.Context = ctx
if err := Execute(s.cfg); err != nil {
return err
}
return nil
}


@@ -1,192 +0,0 @@
package command
import (
"context"
"fmt"
"os"
accountssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/accounts/v0"
glauthcfg "github.com/glauth/glauth/v2/pkg/config"
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config/parser"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/logging"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/metrics"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/server/debug"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/server/glauth"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/tracing"
pkgcrypto "github.com/owncloud/ocis/v2/ocis-pkg/crypto"
"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/urfave/cli/v2"
)
// Server is the entrypoint for the server command.
func Server(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "server",
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
os.Exit(1)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)
err := tracing.Configure(cfg)
if err != nil {
return err
}
gr := run.Group{}
ctx, cancel := func() (context.Context, context.CancelFunc) {
if cfg.Context == nil {
return context.WithCancel(context.Background())
}
return context.WithCancel(cfg.Context)
}()
metrics := metrics.New()
defer cancel()
metrics.BuildInfo.WithLabelValues(version.String).Set(1)
{
lcfg := glauthcfg.LDAP{
Enabled: cfg.Ldap.Enabled,
Listen: cfg.Ldap.Addr,
}
lscfg := glauthcfg.LDAPS{
Enabled: cfg.Ldaps.Enabled,
Listen: cfg.Ldaps.Addr,
Cert: cfg.Ldaps.Cert,
Key: cfg.Ldaps.Key,
}
bcfg := glauthcfg.Config{
LDAP: lcfg, // TODO remove LDAP from the backend config upstream
LDAPS: lscfg, // TODO remove LDAP from the backend config upstream
Backend: glauthcfg.Backend{
Datastore: cfg.Backend.Datastore,
BaseDN: cfg.Backend.BaseDN,
Insecure: cfg.Backend.Insecure,
NameFormat: cfg.Backend.NameFormat,
GroupFormat: cfg.Backend.GroupFormat,
Servers: cfg.Backend.Servers,
SSHKeyAttr: cfg.Backend.SSHKeyAttr,
UseGraphAPI: cfg.Backend.UseGraphAPI,
},
}
fcfg := glauthcfg.Config{
LDAP: lcfg, // TODO remove LDAP from the backend config upstream
LDAPS: lscfg, // TODO remove LDAP from the backend config upstream
Backend: glauthcfg.Backend{
Datastore: cfg.Fallback.Datastore,
BaseDN: cfg.Fallback.BaseDN,
Insecure: cfg.Fallback.Insecure,
NameFormat: cfg.Fallback.NameFormat,
GroupFormat: cfg.Fallback.GroupFormat,
Servers: cfg.Fallback.Servers,
SSHKeyAttr: cfg.Fallback.SSHKeyAttr,
UseGraphAPI: cfg.Fallback.UseGraphAPI,
},
}
if lscfg.Enabled {
if err := pkgcrypto.GenCert(cfg.Ldaps.Cert, cfg.Ldaps.Key, logger); err != nil {
logger.Fatal().Err(err).Msgf("Could not generate test-certificate")
}
}
as, gs := getAccountsServices()
server, err := glauth.Server(
glauth.AccountsService(as),
glauth.GroupsService(gs),
glauth.Logger(logger),
glauth.LDAP(&lcfg),
glauth.LDAPS(&lscfg),
glauth.Backend(&bcfg),
glauth.Fallback(&fcfg),
glauth.RoleBundleUUID(cfg.RoleBundleUUID),
)
if err != nil {
logger.Info().
Err(err).
Str("transport", "ldap").
Msg("Failed to initialize server")
return err
}
gr.Add(func() error {
err := make(chan error)
select {
case <-ctx.Done():
return nil
case err <- server.ListenAndServe():
return <-err
}
}, func(_ error) {
logger.Info().
Str("transport", "ldap").
Msg("Shutting down server")
server.Shutdown()
cancel()
})
gr.Add(func() error {
err := make(chan error)
select {
case <-ctx.Done():
return nil
case err <- server.ListenAndServeTLS():
return <-err
}
}, func(_ error) {
logger.Info().
Str("transport", "ldaps").
Msg("Shutting down server")
server.Shutdown()
cancel()
})
}
{
server, err := debug.Server(
debug.Logger(logger),
debug.Context(ctx),
debug.Config(cfg),
)
if err != nil {
logger.Info().Err(err).Str("transport", "debug").Msg("Failed to initialize server")
return err
}
gr.Add(server.ListenAndServe, func(_ error) {
_ = server.Shutdown(ctx)
cancel()
})
}
return gr.Run()
},
}
}
// getAccountsServices returns an ocis-accounts service
func getAccountsServices() (accountssvc.AccountsService, accountssvc.GroupsService) {
return accountssvc.NewAccountsService("com.owncloud.api.accounts", grpc.DefaultClient),
accountssvc.NewGroupsService("com.owncloud.api.accounts", grpc.DefaultClient)
}


@@ -1,50 +0,0 @@
package command
import (
"fmt"
"os"
"github.com/owncloud/ocis/v2/ocis-pkg/registry"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
tw "github.com/olekukonko/tablewriter"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/urfave/cli/v2"
)
// Version prints the service versions of all running instances.
func Version(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "version",
Usage: "print the version of this binary and the running extension instances",
Category: "info",
Action: func(c *cli.Context) error {
fmt.Println("Version: " + version.String)
fmt.Printf("Compiled: %s\n", version.Compiled())
fmt.Println("")
reg := registry.GetRegistry()
services, err := reg.GetService(cfg.Ldap.Namespace + "." + cfg.Service.Name)
if err != nil {
fmt.Println(fmt.Errorf("could not get %s services from the registry: %v", cfg.Service.Name, err))
return err
}
if len(services) == 0 {
fmt.Println("No running " + cfg.Service.Name + " service found.")
return nil
}
table := tw.NewWriter(os.Stdout)
table.SetHeader([]string{"Version", "Address", "Id"})
table.SetAutoFormatHeaders(false)
for _, s := range services {
for _, n := range s.Nodes {
table.Append([]string{s.Version, n.Address, n.Id})
}
}
table.Render()
return nil
},
}
}


@@ -1,52 +0,0 @@
package config
import (
"context"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
)
// Config combines all available configuration parts.
type Config struct {
*shared.Commons `yaml:"-"`
Service Service `yaml:"-"`
Tracing *Tracing `yaml:"tracing"`
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug"`
Ldap Ldap `yaml:"ldap"`
Ldaps Ldaps `yaml:"ldaps"`
Backend Backend `yaml:"backend"`
Fallback FallbackBackend `yaml:"fallback"`
RoleBundleUUID string `yaml:"role_bundle_uuid" env:"GLAUTH_ROLE_BUNDLE_ID"`
Context context.Context `yaml:"-"`
}
// Backend defined the available backend configuration.
type Backend struct {
Datastore string `yaml:"datastore"`
BaseDN string `yaml:"base_dn"`
Insecure bool `yaml:"insecure"`
NameFormat string `yaml:"name_format"`
GroupFormat string `yaml:"group_format"`
Servers []string `yaml:"servers"`
SSHKeyAttr string `yaml:"ssh_key_attr"`
UseGraphAPI bool `yaml:"use_graph_api"`
}
// FallbackBackend defined the available fallback backend configuration.
type FallbackBackend struct {
Datastore string `yaml:"datastore"`
BaseDN string `yaml:"base_dn"`
Insecure bool `yaml:"insecure"`
NameFormat string `yaml:"name_format"`
GroupFormat string `yaml:"group_format"`
Servers []string `yaml:"servers"`
SSHKeyAttr string `yaml:"ssh_key_attr"`
UseGraphAPI bool `yaml:"use_graph_api"`
}


@@ -1,9 +0,0 @@
package config
// Debug defines the available debug configuration.
type Debug struct {
Addr string `yaml:"addr" env:"GLAUTH_DEBUG_ADDR"`
Token string `yaml:"token" env:"GLAUTH_DEBUG_TOKEN"`
Pprof bool `yaml:"pprof" env:"GLAUTH_DEBUG_PPROF"`
Zpages bool `yaml:"zpages" env:"GLAUTH_DEBUG_ZPAGES"`
}


@@ -1,88 +0,0 @@
package defaults
import (
"path"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/config/defaults"
)
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
func DefaultConfig() *config.Config {
return &config.Config{
Debug: config.Debug{
Addr: "127.0.0.1:9129",
},
Service: config.Service{
Name: "glauth",
},
Ldap: config.Ldap{
Enabled: true,
Addr: "127.0.0.1:9125",
Namespace: "com.owncloud.ldap",
},
Ldaps: config.Ldaps{
Enabled: true,
Addr: "127.0.0.1:9126",
Namespace: "com.owncloud.ldaps",
Cert: path.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
Key: path.Join(defaults.BaseDataPath(), "ldap", "ldap.key"),
},
Backend: config.Backend{
Datastore: "accounts",
BaseDN: "dc=ocis,dc=test",
Insecure: false,
NameFormat: "cn",
GroupFormat: "ou",
Servers: nil,
SSHKeyAttr: "sshPublicKey",
UseGraphAPI: true,
},
Fallback: config.FallbackBackend{
Datastore: "",
BaseDN: "dc=ocis,dc=test",
Insecure: false,
NameFormat: "cn",
GroupFormat: "ou",
Servers: nil,
SSHKeyAttr: "sshPublicKey",
UseGraphAPI: true,
},
RoleBundleUUID: "71881883-1768-46bd-a24d-a356a2afdf7f", // BundleUUIDRoleAdmin
}
}
func EnsureDefaults(cfg *config.Config) {
// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
cfg.Log = &config.Log{
Level: cfg.Commons.Log.Level,
Pretty: cfg.Commons.Log.Pretty,
Color: cfg.Commons.Log.Color,
File: cfg.Commons.Log.File,
}
} else if cfg.Log == nil {
cfg.Log = &config.Log{}
}
// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
cfg.Tracing = &config.Tracing{
Enabled: cfg.Commons.Tracing.Enabled,
Type: cfg.Commons.Tracing.Type,
Endpoint: cfg.Commons.Tracing.Endpoint,
Collector: cfg.Commons.Tracing.Collector,
}
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
}
func Sanitize(cfg *config.Config) {
// nothing to sanitize here atm
}


@@ -1,8 +0,0 @@
package config
// Ldap defines the available LDAP configuration.
type Ldap struct {
Enabled bool `yaml:"enabled" env:"GLAUTH_LDAP_ENABLED"`
Addr string `yaml:"addr" env:"GLAUTH_LDAP_ADDR"`
Namespace string `yaml:"-"`
}


@@ -1,10 +0,0 @@
package config
// Ldaps defined the available LDAPS configuration.
type Ldaps struct {
Enabled bool `yaml:"enabled" env:"GLAUTH_LDAPS_ENABLED"`
Addr string `yaml:"addr" env:"GLAUTH_LDAPS_ADDR"`
Namespace string `yaml:"-"`
Cert string `yaml:"cert" env:"GLAUTH_LDAPS_CERT"`
Key string `yaml:"key" env:"GLAUTH_LDAPS_KEY"`
}


@@ -1,9 +0,0 @@
package config
// Log defines the available log configuration.
type Log struct {
Level string `mapstructure:"level" env:"OCIS_LOG_LEVEL;GLAUTH_LOG_LEVEL"`
Pretty bool `mapstructure:"pretty" env:"OCIS_LOG_PRETTY;GLAUTH_LOG_PRETTY"`
Color bool `mapstructure:"color" env:"OCIS_LOG_COLOR;GLAUTH_LOG_COLOR"`
File string `mapstructure:"file" env:"OCIS_LOG_FILE;GLAUTH_LOG_FILE"`
}


@@ -1,37 +0,0 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
// sanitize config
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
return nil
}


@@ -1,6 +0,0 @@
package config
// Service defines the available service configuration.
type Service struct {
Name string `yaml:"-"`
}


@@ -1,9 +0,0 @@
package config
// Tracing defines the available tracing configuration.
type Tracing struct {
Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GLAUTH_TRACING_ENABLED"`
Type string `yaml:"type" env:"OCIS_TRACING_TYPE;GLAUTH_TRACING_TYPE"`
Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;GLAUTH_TRACING_ENDPOINT"`
Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;GLAUTH_TRACING_COLLECTOR"`
}


@@ -1,17 +0,0 @@
package logging
import (
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/log"
)
// LoggerFromConfig initializes a service-specific logger instance.
func Configure(name string, cfg *config.Log) log.Logger {
return log.NewLogger(
log.Name(name),
log.Level(cfg.Level),
log.Pretty(cfg.Pretty),
log.Color(cfg.Color),
log.File(cfg.File),
)
}


@@ -1,41 +0,0 @@
package metrics
import "github.com/prometheus/client_golang/prometheus"
var (
// Namespace defines the namespace for the defines metrics.
Namespace = "ocis"
// Subsystem defines the subsystem for the defines metrics.
Subsystem = "glauth"
)
// Metrics defines the available metrics of this service.
type Metrics struct {
// Counter *prometheus.CounterVec
BuildInfo *prometheus.GaugeVec
}
// New initializes the available metrics.
func New() *Metrics {
m := &Metrics{
// Counter: prometheus.NewCounterVec(prometheus.CounterOpts{
// Namespace: Namespace,
// Subsystem: Subsystem,
// Name: "greet_total",
// Help: "How many greeting requests processed",
// }, []string{}),
BuildInfo: prometheus.NewGaugeVec(prometheus.GaugeOpts{
Namespace: Namespace,
Subsystem: Subsystem,
Name: "build_info",
Help: "Build Information",
}, []string{"version"}),
}
// prometheus.Register(
// m.Counter,
// )
return m
}


@@ -1,130 +0,0 @@
package mlogr
import (
"errors"
"github.com/go-logr/logr"
plog "github.com/owncloud/ocis/v2/ocis-pkg/log"
"github.com/rs/zerolog"
)
const debugVerbosity = 6
const traceVerbosity = 8
// New returns a logr.Logger which is implemented by the log.
func New(l *plog.Logger) logr.Logger {
sink := logSink{
l: l,
verbosity: 0,
prefix: "glauth",
values: nil,
}
return logr.New(sink)
}
func (l logSink) Init(info logr.RuntimeInfo) {
}
// logSink is a logr.LogSink that uses the ocis-pkg log.
type logSink struct {
l *plog.Logger
verbosity int
prefix string
values []interface{}
}
func (l logSink) clone() logSink {
out := l
out.values = copySlice(l.values)
return out
}
func copySlice(in []interface{}) []interface{} {
out := make([]interface{}, len(in))
copy(out, in)
return out
}
// add converts a bunch of arbitrary key-value pairs into zerolog fields.
func add(e *zerolog.Event, keysAndVals []interface{}) {
// make sure we got an even number of arguments
if len(keysAndVals)%2 != 0 {
e.Interface("args", keysAndVals).
AnErr("zerologr-err", errors.New("odd number of arguments passed as key-value pairs for logging")).
Stack()
return
}
for i := 0; i < len(keysAndVals); {
// process a key-value pair,
// ensuring that the key is a string
key, val := keysAndVals[i], keysAndVals[i+1]
keyStr, isString := key.(string)
if !isString {
// if the key isn't a string, log additional error
e.Interface("invalid key", key).
AnErr("zerologr-err", errors.New("non-string key argument passed to logging, ignoring all later arguments")).
Stack()
return
}
e.Interface(keyStr, val)
i += 2
}
}
func (l logSink) Info(level int, msg string, kvList ...interface{}) {
if l.Enabled(level) {
var e *zerolog.Event
if l.verbosity < debugVerbosity {
e = l.l.Info()
} else if l.verbosity < traceVerbosity {
e = l.l.Debug()
} else {
e = l.l.Trace()
}
e.Int("verbosity", l.verbosity)
if l.prefix != "" {
e.Str("name", l.prefix)
}
add(e, l.values)
add(e, kvList)
e.Msg(msg)
}
}
func (l logSink) Enabled(level int) bool {
return true
}
func (l logSink) Error(err error, msg string, keysAndVals ...interface{}) {
e := l.l.Error().Err(err)
if l.prefix != "" {
e.Str("name", l.prefix)
}
add(e, l.values)
add(e, keysAndVals)
e.Msg(msg)
}
// WithName returns a new logr.LogSink with the specified name appended. zerologr
// uses '/' characters to separate name elements. Callers should not pass '/'
// in the provided name string, but this library does not actually enforce that.
func (l logSink) WithName(name string) logr.LogSink {
nl := l.clone()
if len(l.prefix) > 0 {
nl.prefix = l.prefix + "/"
}
nl.prefix += name
return nl
}
func (l logSink) WithValues(kvList ...interface{}) logr.LogSink {
nl := l.clone()
nl.values = append(nl.values, kvList...)
return nl
}
var _ logr.LogSink = logSink{}


@@ -1,50 +0,0 @@
package debug
import (
"context"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/log"
)
// Option defines a single option function.
type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Logger log.Logger
Context context.Context
Config *config.Config
}
// newOptions initializes the available default options.
func newOptions(opts ...Option) Options {
opt := Options{}
for _, o := range opts {
o(&opt)
}
return opt
}
// Logger provides a function to set the logger option.
func Logger(val log.Logger) Option {
return func(o *Options) {
o.Logger = val
}
}
// Context provides a function to set the context option.
func Context(val context.Context) Option {
return func(o *Options) {
o.Context = val
}
}
// Config provides a function to set the config option.
func Config(val *config.Config) Option {
return func(o *Options) {
o.Config = val
}
}


@@ -1,59 +0,0 @@
package debug
import (
"io"
"net/http"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/service/debug"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
)
// Server initializes the debug service and server.
func Server(opts ...Option) (*http.Server, error) {
options := newOptions(opts...)
return debug.NewService(
debug.Logger(options.Logger),
debug.Name(options.Config.Service.Name),
debug.Version(version.String),
debug.Address(options.Config.Debug.Addr),
debug.Token(options.Config.Debug.Token),
debug.Pprof(options.Config.Debug.Pprof),
debug.Zpages(options.Config.Debug.Zpages),
debug.Health(health(options.Config)),
debug.Ready(ready(options.Config)),
), nil
}
// health implements the health check.
func health(cfg *config.Config) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.WriteHeader(http.StatusOK)
// TODO: check if services are up and running
_, err := io.WriteString(w, http.StatusText(http.StatusOK))
// io.WriteString should not fail but if it does we want to know.
if err != nil {
panic(err)
}
}
}
// ready implements the ready check.
func ready(cfg *config.Config) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.WriteHeader(http.StatusOK)
// TODO: check if services are up and running
_, err := io.WriteString(w, http.StatusText(http.StatusOK))
// io.WriteString should not fail but if it does we want to know.
if err != nil {
panic(err)
}
}
}


@@ -1,121 +0,0 @@
package glauth
import (
"net"
"github.com/glauth/glauth/v2/pkg/config"
"github.com/glauth/glauth/v2/pkg/handler"
"github.com/nmcclain/ldap"
"github.com/owncloud/ocis/v2/ocis-pkg/log"
)
type chainHandler struct {
log log.Logger
b handler.Handler
f handler.Handler
}
func (h chainHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (res ldap.LDAPResultCode, err error) {
h.log.Debug().
Str("binddn", bindDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Bind request")
res, err = h.b.Bind(bindDN, bindSimplePw, conn)
switch {
case err != nil:
h.log.Error().
Err(err).
Str("binddn", bindDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Bind request")
return h.f.Bind(bindDN, bindSimplePw, conn)
case res == ldap.LDAPResultInvalidCredentials:
return h.f.Bind(bindDN, bindSimplePw, conn)
}
return
}
func (h chainHandler) Search(bindDN string, searchReq ldap.SearchRequest, conn net.Conn) (res ldap.ServerSearchResult, err error) {
h.log.Debug().
Str("binddn", bindDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Search request")
res, err = h.b.Search(bindDN, searchReq, conn)
switch {
case err != nil:
h.log.Error().
Err(err).
Str("binddn", bindDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Search request")
return h.f.Search(bindDN, searchReq, conn)
case len(res.Entries) == 0:
// yes, we only fall back if there are no results in the first backend
// this is not supposed to work for searching lots of users, only to look up a single user
// searching multiple users would require merging result sets. out of scope for now.
return h.f.Search(bindDN, searchReq, conn)
}
return
}
func (h chainHandler) Close(boundDN string, conn net.Conn) error {
h.log.Debug().
Str("boundDN", boundDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Close request")
if err := h.b.Close(boundDN, conn); err != nil {
h.log.Error().
Err(err).
Str("boundDN", boundDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Close request")
}
if err := h.f.Close(boundDN, conn); err != nil {
h.log.Error().
Err(err).
Str("boundDN", boundDN).
Interface("src", conn.RemoteAddr()).
Str("handler", "chain").
Msg("Close request")
}
return nil
}
// Add is not yet supported for the chain backend
func (h chainHandler) Add(boundDN string, req ldap.AddRequest, conn net.Conn) (result ldap.LDAPResultCode, err error) {
return ldap.LDAPResultInsufficientAccessRights, nil
}
// Modify is not yet supported for the chain backend
func (h chainHandler) Modify(boundDN string, req ldap.ModifyRequest, conn net.Conn) (result ldap.LDAPResultCode, err error) {
return ldap.LDAPResultInsufficientAccessRights, nil
}
// Delete is not yet supported for the chain backend
func (h chainHandler) Delete(boundDN string, deleteDN string, conn net.Conn) (result ldap.LDAPResultCode, err error) {
return ldap.LDAPResultInsufficientAccessRights, nil
}
// FindUser with the given username. Called by the ldap backend to authenticate the bind. Optional
func (h chainHandler) FindUser(userName string, searchByUPN bool) (bool, config.User, error) {
return false, config.User{}, nil
}
// FindGroup is not yet supported for the chain backend
func (h chainHandler) FindGroup(groupName string) (bool, config.Group, error) {
return false, config.Group{}, nil
}
// NewChainHandler implements a chain backend with two backends
func NewChainHandler(log log.Logger, bh handler.Handler, fh handler.Handler) handler.Handler {
return chainHandler{
log: log,
b: bh,
f: fh,
}
}


@@ -1,555 +0,0 @@
package glauth
import (
"context"
"encoding/json"
"fmt"
"net"
"strconv"
"strings"
accountsmsg "github.com/owncloud/ocis/v2/protogen/gen/ocis/messages/accounts/v0"
accountssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/accounts/v0"
"github.com/glauth/glauth/v2/pkg/config"
"github.com/glauth/glauth/v2/pkg/handler"
"github.com/glauth/glauth/v2/pkg/stats"
ber "github.com/nmcclain/asn1-ber"
"github.com/nmcclain/ldap"
"github.com/owncloud/ocis/v2/ocis-pkg/log"
"github.com/owncloud/ocis/v2/ocis-pkg/middleware"
"go-micro.dev/v4/metadata"
)
type queryType string
const (
usersQuery queryType = "users"
groupsQuery queryType = "groups"
)
type ocisHandler struct {
as accountssvc.AccountsService
gs accountssvc.GroupsService
log log.Logger
basedn string
nameFormat string
groupFormat string
rbid string
}
func (h ocisHandler) Bind(bindDN, bindSimplePw string, conn net.Conn) (ldap.LDAPResultCode, error) {
bindDN = strings.ToLower(bindDN)
baseDN := strings.ToLower("," + h.basedn)
h.log.Debug().
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Interface("src", conn.RemoteAddr()).
Msg("Bind request")
stats.Frontend.Add("bind_reqs", 1)
// parse the bindDN - ensure that the bindDN ends with the BaseDN
if !strings.HasSuffix(bindDN, baseDN) {
h.log.Error().
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Interface("src", conn.RemoteAddr()).
Msg("BindDN not part of our BaseDN")
return ldap.LDAPResultInvalidCredentials, nil
}
parts := strings.Split(strings.TrimSuffix(bindDN, baseDN), ",")
if len(parts) > 2 {
h.log.Error().
Str("handler", "ocis").
Str("binddn", bindDN).
Int("numparts", len(parts)).
Interface("src", conn.RemoteAddr()).
Msg("BindDN should have only one or two parts")
return ldap.LDAPResultInvalidCredentials, nil
}
userName := strings.TrimPrefix(parts[0], "cn=")
// TODO make glauth context aware
ctx := context.Background()
// use a session with the bound user?
roleIDs, err := json.Marshal([]string{h.rbid})
if err != nil {
h.log.Error().
Err(err).
Str("handler", "ocis").
Msg("could not marshal roleid json")
return ldap.LDAPResultOperationsError, nil
}
ctx = metadata.Set(ctx, middleware.RoleIDs, string(roleIDs))
// check password
res, err := h.as.ListAccounts(ctx, &accountssvc.ListAccountsRequest{
//Query: fmt.Sprintf("username eq '%s'", username),
// TODO this allows looking up users when you know the username using basic auth
// adding the password to the query is an option but sending this over the wire a la scim seems ugly
// but to set passwords our accounts need it anyway
Query: fmt.Sprintf("login eq '%s' and password eq '%s'", userName, bindSimplePw),
})
if err != nil || len(res.Accounts) == 0 {
h.log.Error().
Err(err).
Str("handler", "ocis").
Str("username", userName).
Str("binddn", bindDN).
Interface("src", conn.RemoteAddr()).
Msg("Login failed")
return ldap.LDAPResultInvalidCredentials, nil
}
stats.Frontend.Add("bind_successes", 1)
h.log.Debug().
Str("handler", "ocis").
Str("binddn", bindDN).
Interface("src", conn.RemoteAddr()).
Msg("Bind success")
return ldap.LDAPResultSuccess, nil
}
func (h ocisHandler) Search(bindDN string, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
bindDN = strings.ToLower(bindDN)
baseDN := strings.ToLower("," + h.basedn)
searchBaseDN := strings.ToLower(searchReq.BaseDN)
h.log.Debug().
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Str("filter", searchReq.Filter).
Interface("src", conn.RemoteAddr()).
Msg("Search request")
stats.Frontend.Add("search_reqs", 1)
// validate the user is authenticated and has appropriate access
if len(bindDN) < 1 {
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultInsufficientAccessRights,
}, fmt.Errorf("search error: Anonymous BindDN not allowed %s", bindDN)
}
if !strings.HasSuffix(bindDN, baseDN) {
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultInsufficientAccessRights,
}, fmt.Errorf("search error: BindDN %s not in our BaseDN %s", bindDN, h.basedn)
}
if !strings.HasSuffix(searchBaseDN, h.basedn) {
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultInsufficientAccessRights,
}, fmt.Errorf("search error: search BaseDN %s is not in our BaseDN %s", searchBaseDN, h.basedn)
}
var qtype queryType = ""
query := ""
var code ldap.LDAPResultCode
var err error
if searchReq.Filter == "(&)" { // see Absolute True and False Filters in https://tools.ietf.org/html/rfc4526#section-2
query = ""
} else {
var cf *ber.Packet
cf, err = ldap.CompileFilter(searchReq.Filter)
if err != nil {
h.log.Error().
Err(err).
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Str("filter", searchReq.Filter).
Interface("src", conn.RemoteAddr()).
Msg("could not compile filter")
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultOperationsError,
}, fmt.Errorf("Search Error: error compiling filter: %s, error: %s", searchReq.Filter, err.Error())
}
qtype, query, code, err = parseFilter(cf)
if err != nil {
return ldap.ServerSearchResult{
ResultCode: code,
}, fmt.Errorf("Search Error: error parsing filter: %s, error: %s", searchReq.Filter, err.Error())
}
// check if the searchBaseDN already has a username and add it to the query
parts := strings.Split(strings.TrimSuffix(searchBaseDN, baseDN), ",")
if len(parts) > 0 && strings.HasPrefix(parts[0], "cn=") {
if len(query) > 0 {
query += " AND "
}
query += fmt.Sprintf("on_premises_sam_account_name eq '%s'", escapeValue(strings.TrimPrefix(parts[0], "cn=")))
}
}
// TODO make glauth context aware
ctx := context.Background()
// use a session with the bound user?
roleIDs, err := json.Marshal([]string{h.rbid})
if err != nil {
h.log.Error().
Err(err).
Str("handler", "ocis").
Msg("could not marshal roleid json")
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultOperationsError,
}, nil
}
ctx = metadata.Set(ctx, middleware.RoleIDs, string(roleIDs))
entries := []*ldap.Entry{}
h.log.Debug().
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Str("filter", searchReq.Filter).
Str("qtype", string(qtype)).
Str("query", query).
Msg("parsed query")
switch qtype {
case usersQuery:
accounts, err := h.as.ListAccounts(ctx, &accountssvc.ListAccountsRequest{
Query: query,
})
if err != nil {
h.log.Error().
Err(err).
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Str("filter", searchReq.Filter).
Str("query", query).
Interface("src", conn.RemoteAddr()).
Msg("Could not list accounts")
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultOperationsError,
}, fmt.Errorf("search error: error listing users")
}
entries = append(entries, h.mapAccounts(accounts.Accounts)...)
case groupsQuery:
groups, err := h.gs.ListGroups(ctx, &accountssvc.ListGroupsRequest{
Query: query,
})
if err != nil {
h.log.Error().
Err(err).
Str("handler", "ocis").
Str("binddn", bindDN).
Str("basedn", h.basedn).
Str("filter", searchReq.Filter).
Str("query", query).
Interface("src", conn.RemoteAddr()).
Msg("Could not list groups")
return ldap.ServerSearchResult{
ResultCode: ldap.LDAPResultOperationsError,
}, fmt.Errorf("search error: error listing groups")
}
entries = append(entries, h.mapGroups(groups.Groups)...)
}
stats.Frontend.Add("search_successes", 1)
h.log.Debug().
Str("handler", "ocis").
Int("num_entries", len(entries)).
Str("binddn", bindDN).
Str("basedn", h.basedn).
Str("filter", searchReq.Filter).
Interface("src", conn.RemoteAddr()).
Msg("AP: Search OK")
return ldap.ServerSearchResult{
Entries: entries,
Referrals: []string{},
Controls: []ldap.Control{},
ResultCode: ldap.LDAPResultSuccess,
}, nil
}
func attribute(name string, values ...string) *ldap.EntryAttribute {
return &ldap.EntryAttribute{
Name: name,
Values: values,
}
}
func (h ocisHandler) mapAccounts(accounts []*accountsmsg.Account) []*ldap.Entry {
entries := make([]*ldap.Entry, 0, len(accounts))
for i := range accounts {
attrs := []*ldap.EntryAttribute{
attribute("objectClass", "posixAccount", "inetOrgPerson", "organizationalPerson", "Person", "top"),
attribute("cn", accounts[i].PreferredName),
attribute("uid", accounts[i].PreferredName),
attribute("sn", accounts[i].PreferredName),
attribute("homeDirectory", ""),
attribute("ownCloudUUID", accounts[i].Id), // see https://github.com/butonic/owncloud-ldap-schema/blob/master/owncloud.schema#L28-L34
}
if accounts[i].DisplayName != "" {
attrs = append(attrs, attribute("displayName", accounts[i].DisplayName))
}
if accounts[i].Mail != "" {
attrs = append(attrs, attribute("mail", accounts[i].Mail))
}
if accounts[i].UidNumber != 0 { // TODO no root?
attrs = append(attrs, attribute("uidnumber", strconv.FormatInt(accounts[i].UidNumber, 10)))
}
if accounts[i].GidNumber != 0 {
attrs = append(attrs, attribute("gidnumber", strconv.FormatInt(accounts[i].GidNumber, 10)))
}
if accounts[i].Description != "" {
attrs = append(attrs, attribute("description", accounts[i].Description))
}
dn := fmt.Sprintf("%s=%s,%s=%s,%s",
h.nameFormat,
accounts[i].PreferredName,
h.groupFormat,
"users",
h.basedn,
)
entries = append(entries, &ldap.Entry{DN: dn, Attributes: attrs})
}
return entries
}
func (h ocisHandler) mapGroups(groups []*accountsmsg.Group) []*ldap.Entry {
entries := make([]*ldap.Entry, 0, len(groups))
for i := range groups {
attrs := []*ldap.EntryAttribute{
attribute("objectClass", "posixGroup", "groupOfNames", "top"),
attribute("cn", groups[i].OnPremisesSamAccountName),
attribute("ownCloudUUID", groups[i].Id), // see https://github.com/butonic/owncloud-ldap-schema/blob/master/owncloud.schema#L28-L34
}
if groups[i].DisplayName != "" {
attrs = append(attrs, attribute("displayName", groups[i].DisplayName))
}
if groups[i].GidNumber != 0 {
attrs = append(attrs, attribute("gidnumber", strconv.FormatInt(groups[i].GidNumber, 10)))
}
if groups[i].Description != "" {
attrs = append(attrs, attribute("description", groups[i].Description))
}
dn := fmt.Sprintf("%s=%s,%s=%s,%s",
h.nameFormat,
groups[i].OnPremisesSamAccountName,
h.groupFormat,
"groups",
h.basedn,
)
memberUids := make([]string, len(groups[i].Members))
for j := range groups[i].Members {
memberUids[j] = groups[i].Members[j].PreferredName
}
attrs = append(attrs, attribute("memberuid", memberUids...))
entries = append(entries, &ldap.Entry{DN: dn, Attributes: attrs})
}
return entries
}
// LDAP filters might ask for groups and users at the same time, eg.
// (|
// (&(objectClass=posixaccount)(cn=einstein))
// (&(objectClass=posixgroup)(cn=users))
// )
// (&(objectClass=posixaccount)(objectClass=posixgroup))
// qtype is one of
// "" not determined
// "users"
// "groups"
func parseFilter(f *ber.Packet) (queryType, string, ldap.LDAPResultCode, error) {
var qtype queryType
var q string
var code ldap.LDAPResultCode
var err error
switch ldap.FilterMap[f.Tag] {
case "Present":
if len(f.Children) != 0 {
return "", "", ldap.LDAPResultOperationsError, fmt.Errorf("equality match must have no children, got %+v", f)
}
attribute := strings.ToLower(f.Data.String())
if attribute == "objectclass" {
// TODO implement proper present odata query, for now fall back to listing users
return "users", q, code, err
}
return qtype, q, ldap.LDAPResultUnwillingToPerform, fmt.Errorf("%s filter match for %s not implemented", ldap.FilterMap[f.Tag], attribute)
case "Equality Match":
if len(f.Children) != 2 {
return "", "", ldap.LDAPResultOperationsError, fmt.Errorf("equality match must have exactly two children")
}
attribute := strings.ToLower(f.Children[0].Value.(string))
value := f.Children[1].Value.(string)
// replace attributes
switch attribute {
case "objectclass":
switch strings.ToLower(value) {
case "posixaccount", "shadowaccount", "users", "person", "inetorgperson", "organizationalperson":
qtype = usersQuery
case "posixgroup", "groups":
qtype = groupsQuery
case "*":
// TODO not implemented yet
qtype = usersQuery
default:
qtype = ""
}
case "ownclouduuid":
q = fmt.Sprintf("id eq '%s'", escapeValue(value))
case "cn", "uid":
// on_premises_sam_account_name is indexed using the lowercase analyzer in ocis-accounts
// TODO use "tolower(on_premises_sam_account_name) eq '%s'" to be clear about the case insensitive comparison
q = fmt.Sprintf("on_premises_sam_account_name eq '%s'", escapeValue(value))
case "mail":
q = fmt.Sprintf("mail eq '%s'", escapeValue(value))
case "displayname":
q = fmt.Sprintf("display_name eq '%s'", escapeValue(value))
case "uidnumber":
if i, err := strconv.ParseUint(value, 10, 64); err != nil {
code = ldap.LDAPResultInvalidAttributeSyntax
} else {
q = fmt.Sprintf("uid_number eq %d", i)
}
case "gidnumber":
if i, err := strconv.ParseUint(value, 10, 64); err != nil {
code = ldap.LDAPResultInvalidAttributeSyntax
} else {
q = fmt.Sprintf("gid_number eq %d", i)
}
case "description":
q = fmt.Sprintf("description eq '%s'", escapeValue(value))
default:
code = ldap.LDAPResultUndefinedAttributeType
err = fmt.Errorf("unrecognized assertion type '%s' in filter item", attribute)
}
return qtype, q, code, err
case "Substrings":
if len(f.Children) != 2 {
return "", "", ldap.LDAPResultOperationsError, fmt.Errorf("substrings filter must have exactly two children")
}
attribute := strings.ToLower(f.Children[0].Value.(string))
if len(f.Children[1].Children) != 1 {
return "", "", ldap.LDAPResultUnwillingToPerform, fmt.Errorf("substrings filter only supports prefix match")
}
value := f.Children[1].Children[0].Value.(string)
// replace attributes
switch attribute {
case "objectclass":
switch strings.ToLower(value) {
case "posixaccount", "shadowaccount", "users", "person", "inetorgperson", "organizationalperson":
qtype = usersQuery
case "posixgroup", "groups":
qtype = groupsQuery
default:
qtype = ""
}
case "ownclouduuid":
q = fmt.Sprintf("startswith(id,'%s')", escapeValue(value))
case "cn", "uid":
// on_premises_sam_account_name is indexed using the lowercase analyzer in ocis-accounts
// TODO use "tolower(on_premises_sam_account_name) eq '%s'" to be clear about the case insensitive comparison
q = fmt.Sprintf("startswith(on_premises_sam_account_name,'%s')", escapeValue(value))
case "mail":
q = fmt.Sprintf("startswith(mail,'%s')", escapeValue(value))
case "displayname":
q = fmt.Sprintf("startswith(display_name,'%s')", escapeValue(value))
case "description":
q = fmt.Sprintf("startswith(description,'%s')", escapeValue(value))
default:
code = ldap.LDAPResultUndefinedAttributeType
err = fmt.Errorf("unrecognized assertion type '%s' in filter item", attribute)
}
return qtype, q, code, err
case "And", "Or":
subQueries := []string{}
for i := range f.Children {
var subQuery string
var qt queryType
qt, subQuery, code, err = parseFilter(f.Children[i])
if err != nil {
return "", "", code, err
}
if qtype == "" {
qtype = qt
} else if qt != "" && qt != qtype {
return "", "", ldap.LDAPResultUnwillingToPerform, fmt.Errorf("mixing user and group filters not supported")
}
if subQuery != "" {
subQueries = append(subQueries, subQuery)
}
}
return qtype, strings.Join(subQueries, " "+strings.ToLower(ldap.FilterMap[f.Tag])+" "), ldap.LDAPResultSuccess, nil
case "Not":
if len(f.Children) != 1 {
return "", "", ldap.LDAPResultOperationsError, fmt.Errorf("not filter match must have exactly one child")
}
qtype, subQuery, code, err := parseFilter(f.Children[0])
if err != nil {
return "", "", code, err
}
if subQuery != "" {
q = fmt.Sprintf("not %s", subQuery)
}
return qtype, q, code, nil
}
return qtype, q, ldap.LDAPResultUnwillingToPerform, fmt.Errorf("%s filter not implemented", ldap.FilterMap[f.Tag])
}
// escapeValue escapes all special characters in the value
func escapeValue(value string) string {
return strings.ReplaceAll(value, "'", "''")
}
func (h ocisHandler) Close(boundDN string, conn net.Conn) error {
stats.Frontend.Add("closes", 1)
return nil
}
// Add is not yet supported for the ocis backend
func (h ocisHandler) Add(boundDN string, req ldap.AddRequest, conn net.Conn) (result ldap.LDAPResultCode, err error) {
return ldap.LDAPResultInsufficientAccessRights, nil
}
// Modify is not yet supported for the ocis backend
func (h ocisHandler) Modify(boundDN string, req ldap.ModifyRequest, conn net.Conn) (result ldap.LDAPResultCode, err error) {
return ldap.LDAPResultInsufficientAccessRights, nil
}
// Delete is not yet supported for the ocis backend
func (h ocisHandler) Delete(boundDN string, deleteDN string, conn net.Conn) (result ldap.LDAPResultCode, err error) {
return ldap.LDAPResultInsufficientAccessRights, nil
}
// FindUser with the given username
func (h ocisHandler) FindUser(userName string, searchByUPN bool) (found bool, user config.User, err error) {
return false, config.User{}, nil
}
// FindGroup with the given groupname
func (h ocisHandler) FindGroup(groupName string) (found bool, user config.Group, err error) {
return false, config.Group{}, nil
}
// NewOCISHandler implements a glauth backend with ocis-accounts as the datasource
func NewOCISHandler(opts ...Option) handler.Handler {
options := newOptions(opts...)
handler := ocisHandler{
log: options.Logger,
as: options.AccountsService,
gs: options.GroupsService,
basedn: options.BaseDN,
nameFormat: options.NameFormat,
groupFormat: options.GroupFormat,
rbid: options.RoleBundleUUID,
}
return handler
}


@@ -1,124 +0,0 @@
package glauth
import (
"context"
accountssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/accounts/v0"
"github.com/glauth/glauth/v2/pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/log"
)
// Option defines a single option function.
type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Logger log.Logger
Context context.Context
LDAP *config.LDAP
LDAPS *config.LDAPS
Backend *config.Config
Fallback *config.Config
BaseDN string
NameFormat string
GroupFormat string
RoleBundleUUID string
AccountsService accountssvc.AccountsService
GroupsService accountssvc.GroupsService
}
// newOptions initializes the available default options.
func newOptions(opts ...Option) Options {
opt := Options{}
for _, o := range opts {
o(&opt)
}
return opt
}
// Logger provides a function to set the logger option.
func Logger(val log.Logger) Option {
return func(o *Options) {
o.Logger = val
}
}
// Context provides a function to set the context option.
func Context(val context.Context) Option {
return func(o *Options) {
o.Context = val
}
}
// LDAP provides a function to set the LDAP option.
func LDAP(val *config.LDAP) Option {
return func(o *Options) {
o.LDAP = val
}
}
// LDAPS provides a function to set the LDAPS option.
func LDAPS(val *config.LDAPS) Option {
return func(o *Options) {
o.LDAPS = val
}
}
// Backend provides a function to set the backend option.
func Backend(val *config.Config) Option {
return func(o *Options) {
o.Backend = val
}
}
// Fallback provides a string to set the fallback option.
func Fallback(val *config.Config) Option {
return func(o *Options) {
o.Fallback = val
}
}
// BaseDN provides a string to set the BaseDN option.
func BaseDN(val string) Option {
return func(o *Options) {
o.BaseDN = val
}
}
// NameFormat provides a string to set the NameFormat option.
func NameFormat(val string) Option {
return func(o *Options) {
o.NameFormat = val
}
}
// GroupFormat provides a string to set the GroupFormat option.
func GroupFormat(val string) Option {
return func(o *Options) {
o.GroupFormat = val
}
}
// AccountsService provides an AccountsService client to set the AccountsService option.
func AccountsService(val accountssvc.AccountsService) Option {
return func(o *Options) {
o.AccountsService = val
}
}
// GroupsService provides an GroupsService client to set the GroupsService option.
func GroupsService(val accountssvc.GroupsService) Option {
return func(o *Options) {
o.GroupsService = val
}
}
// RoleBundleUUID provides a role bundle UUID to make internal grpc requests.
func RoleBundleUUID(val string) Option {
return func(o *Options) {
o.RoleBundleUUID = val
}
}


@@ -1,155 +0,0 @@
package glauth
import (
"errors"
"fmt"
"github.com/GeertJohan/yubigo"
"github.com/glauth/glauth/v2/pkg/config"
"github.com/glauth/glauth/v2/pkg/handler"
"github.com/go-logr/logr"
"github.com/nmcclain/ldap"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/mlogr"
)
// LdapSvc holds the ldap server struct
type LdapSvc struct {
log logr.Logger
ldap *config.LDAP
ldaps *config.LDAPS
backend *config.Config
fallback *config.Config
yubiAuth *yubigo.YubiAuth
l *ldap.Server
}
// Server initializes the ldap server.
// It is a fork github.com/glauth/pkg/server because it would introduce a go-micro dependency upstream.
func Server(opts ...Option) (*LdapSvc, error) {
options := newOptions(opts...)
s := LdapSvc{
log: mlogr.New(&options.Logger),
backend: options.Backend,
fallback: options.Fallback,
ldap: options.LDAP,
ldaps: options.LDAPS,
}
var err error
if len(s.backend.YubikeyClientID) > 0 && len(s.backend.YubikeySecret) > 0 {
s.yubiAuth, err = yubigo.NewYubiAuth(s.backend.YubikeyClientID, s.backend.YubikeySecret)
if err != nil {
return nil, errors.New("yubikey auth failed")
}
}
// configure the backend
s.l = ldap.NewServer()
s.l.EnforceLDAP = true
var bh handler.Handler
switch s.backend.Backend.Datastore {
/* TODO bring back file config
case "config":
bh = handler.NewConfigHandler(
handler.Logger(s.log),
handler.Config(s.c),
handler.YubiAuth(s.yubiAuth),
)
*/
case "ldap":
bh = handler.NewLdapHandler(
handler.Logger(s.log),
handler.Backend(s.backend.Backend),
)
case "owncloud":
bh = handler.NewOwnCloudHandler(
handler.Logger(s.log),
handler.Backend(s.backend.Backend),
)
case "accounts":
bh = NewOCISHandler(
AccountsService(options.AccountsService),
GroupsService(options.GroupsService),
Logger(options.Logger),
BaseDN(s.backend.Backend.BaseDN),
NameFormat(s.backend.Backend.NameFormat),
GroupFormat(s.backend.Backend.GroupFormat),
RoleBundleUUID(options.RoleBundleUUID),
)
default:
return nil, fmt.Errorf("unsupported backend %s - must be 'ldap', 'owncloud' or 'accounts'", s.backend.Backend.Datastore)
}
s.log.V(3).Info("Using backend", "backend", s.backend.Backend)
if s.fallback != nil && s.fallback.Backend.Datastore != "" {
var fh handler.Handler
switch s.fallback.Backend.Datastore {
/* TODO bring back file config
case "config":
fh = handler.NewConfigHandler(
handler.Logger(s.log),
handler.Config(s.c),
handler.YubiAuth(s.yubiAuth),
)
*/
case "ldap":
fh = handler.NewLdapHandler(
handler.Logger(s.log),
handler.Backend(s.fallback.Backend),
)
case "owncloud":
fh = handler.NewOwnCloudHandler(
handler.Logger(s.log),
handler.Backend(s.fallback.Backend),
)
case "accounts":
fh = NewOCISHandler(
AccountsService(options.AccountsService),
GroupsService(options.GroupsService),
Logger(options.Logger),
BaseDN(s.fallback.Backend.BaseDN),
NameFormat(s.fallback.Backend.NameFormat),
GroupFormat(s.fallback.Backend.GroupFormat),
RoleBundleUUID(options.RoleBundleUUID),
)
default:
return nil, fmt.Errorf("unsupported fallback %s - must be 'ldap', 'owncloud' or 'accounts'", s.fallback.Backend.Datastore)
}
s.log.V(3).Info("Using fallback", "backend", s.fallback.Backend)
bh = NewChainHandler(options.Logger, bh, fh)
}
s.l.BindFunc(s.backend.Backend.BaseDN, bh)
s.l.SearchFunc(s.backend.Backend.BaseDN, bh)
s.l.CloseFunc(s.backend.Backend.BaseDN, bh)
return &s, nil
}
// ListenAndServe listens on the TCP network address s.c.LDAP.Listen
func (s *LdapSvc) ListenAndServe() error {
s.log.V(3).Info("ldap server listening", "address", s.ldap.Listen)
return s.l.ListenAndServe(s.ldap.Listen)
}
// ListenAndServeTLS listens on the TCP network address s.c.LDAPS.Listen
func (s *LdapSvc) ListenAndServeTLS() error {
s.log.V(3).Info("ldaps server listening", "address", s.ldaps.Listen)
return s.l.ListenAndServeTLS(
s.ldaps.Listen,
s.ldaps.Cert,
s.ldaps.Key,
)
}
// Shutdown ends listeners by sending true to the ldap serves quit channel
func (s *LdapSvc) Shutdown() {
s.l.Quit <- true
}


@@ -1,23 +0,0 @@
package tracing
import (
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
pkgtrace "github.com/owncloud/ocis/v2/ocis-pkg/tracing"
"go.opentelemetry.io/otel/trace"
)
var (
// TraceProvider is the global trace provider for the glauth service.
TraceProvider = trace.NewNoopTracerProvider()
)
func Configure(cfg *config.Config) error {
var err error
if cfg.Tracing.Enabled {
if TraceProvider, err = pkgtrace.GetTraceProvider(cfg.Tracing.Endpoint, cfg.Tracing.Collector, cfg.Service.Name, cfg.Tracing.Type); err != nil {
return err
}
}
return nil
}


@@ -1,2 +0,0 @@
# backend
-r '^(cmd|pkg)/.*\.go$' -R '^node_modules/' -s -- sh -c 'make bin/ocis-glauth-debug && bin/ocis-glauth-debug --log-level debug server --debug-pprof --debug-zpages'

11
go.mod

@@ -4,7 +4,6 @@ go 1.17
require (
github.com/CiscoM31/godata v1.0.5
github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e
github.com/Masterminds/semver v1.5.0
github.com/ReneKroon/ttlcache/v2 v2.11.0
github.com/blevesearch/bleve/v2 v2.3.2
@@ -13,13 +12,11 @@ require (
github.com/cs3org/go-cs3apis v0.0.0-20220412090512-93c5918b4bde
github.com/cs3org/reva/v2 v2.3.2-0.20220511062620-573cbbef3917
github.com/disintegration/imaging v1.6.2
github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
github.com/go-chi/chi/v5 v5.0.7
github.com/go-chi/cors v1.2.1
github.com/go-chi/render v1.0.1
github.com/go-ldap/ldap/v3 v3.4.3
github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3
github.com/go-logr/logr v1.2.3
github.com/go-micro/plugins/v4/client/grpc v1.0.0
github.com/go-micro/plugins/v4/events/natsjs v1.0.1
github.com/go-micro/plugins/v4/logger/zerolog v1.0.0
@@ -49,8 +46,6 @@ require (
github.com/mitchellh/mapstructure v1.5.0
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
github.com/nats-io/nats-server/v2 v2.8.2
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba
github.com/oklog/run v1.1.0
github.com/olekukonko/tablewriter v0.0.5
github.com/onsi/ginkgo v1.16.5
@@ -120,7 +115,6 @@ require (
github.com/blevesearch/zapx/v15 v15.3.3 // indirect
github.com/bluele/gcache v0.0.2 // indirect
github.com/bmizerany/pat v0.0.0-20210406213842-e4b6760bdd6f // indirect
github.com/boombuler/barcode v1.0.1 // indirect
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/ceph/go-ceph v0.15.0 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
@@ -150,6 +144,7 @@ require (
github.com/go-git/go-git/v5 v5.4.2 // indirect
github.com/go-kit/log v0.2.0 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-sql-driver/mysql v1.6.0 // indirect
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
@@ -220,14 +215,11 @@ require (
github.com/pkg/xattr v0.4.5 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/pquerna/cachecontrol v0.1.0 // indirect
github.com/pquerna/otp v1.3.0 // indirect
github.com/prometheus/alertmanager v0.24.0 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.32.1 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/prometheus/statsd_exporter v0.22.4 // indirect
github.com/rickb777/date v1.17.0 // indirect
github.com/rickb777/plural v1.4.1 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rs/cors v1.8.2 // indirect
github.com/rs/xid v1.3.0 // indirect
@@ -246,7 +238,6 @@ require (
github.com/tus/tusd v1.8.0 // indirect
github.com/wk8/go-ordered-map v0.2.0 // indirect
github.com/xanzy/ssh-agent v0.3.1 // indirect
github.com/yaegashi/msgraph.go v0.1.4 // indirect
go.etcd.io/bbolt v1.3.6 // indirect
go.etcd.io/etcd/api/v3 v3.5.2 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.2 // indirect

34
go.sum

@@ -87,8 +87,6 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
github.com/CiscoM31/godata v1.0.5 h1:AITXpa/5ybXEq59A0nqUGiS7ZXVJnQtFw5o09tyN/UA=
github.com/CiscoM31/godata v1.0.5/go.mod h1:wcmFm66GMdOE316TgwFO1wo5ainCvTK26omd93oZf2M=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e h1:Bqtt5C+uVk+vH/t5dmB47uDCTwxw16EYHqvJnmY2aQc=
github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e/go.mod h1:njRCDrl+1RQ/A/+KVU8Ho2EWAxUSkohOWczdW3dzDG0=
github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
@@ -140,7 +138,6 @@ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb
github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
github.com/arl/statsviz v0.4.0/go.mod h1:+5inUy/dxy11x/KSmicG3ZrEEy0Yr81AFm3dn4QC04M=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -221,8 +218,6 @@ github.com/bmizerany/pat v0.0.0-20170815010413-6226ea591a40/go.mod h1:8rLXio+Wji
github.com/bmizerany/pat v0.0.0-20210406213842-e4b6760bdd6f h1:gOO/tNZMjjvTKZWpY7YnXC72ULNLErRtp94LountVE8=
github.com/bmizerany/pat v0.0.0-20210406213842-e4b6760bdd6f/go.mod h1:8rLXio+WjiTceGBHIoTvn60HIbs7Hm7bcHjyrSqYB9c=
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/c-bata/go-prompt v0.2.5/go.mod h1:vFnjEGDIIA/Lib7giyE4E9c50Lvl8j0S+7FVlAwDAVw=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
@@ -331,7 +326,6 @@ github.com/dnsimple/dnsimple-go v0.63.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c
github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
@@ -376,8 +370,6 @@ github.com/gdexlab/go-render v1.0.1 h1:rxqB3vo5s4n1kF0ySmoNeSPRYkEsyHgln4jFIQY7v
github.com/gdexlab/go-render v1.0.1/go.mod h1:wRi5nW2qfjiGj4mPukH4UV0IknS1cHD4VgFTmJX5JzM=
github.com/getkin/kin-openapi v0.13.0/go.mod h1:WGRs2ZMM1Q8LR1QBEwUxC6RJEfaBcD0s+pcEVXFuAjw=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733 h1:MK+W6dk4GV3g8ofk7+H/T9zBlNdgG55jJeb5+LsBKVo=
github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733/go.mod h1:JvR27X1t1ODMyV5HoPlS7U4K3MIMqC93FkowSrOEZcw=
github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/go-acme/lego/v4 v4.4.0/go.mod h1:l3+tFUFZb590dWcqhWZegynUthtaHJbG2fevUpoOOE0=
@@ -425,7 +417,6 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -484,7 +475,6 @@ github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTM
github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -742,7 +732,6 @@ github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87/go.mod h1:CtWFDAQg
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/hydronica/toml v0.4.2/go.mod h1:c7QhbYq3Wp9SlOWuG7MAieKUyXP2P/hXhy/YqWfbS/4=
github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0=
github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -761,7 +750,6 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS
github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -834,7 +822,6 @@ github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c
github.com/labstack/echo/v4 v4.1.11/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvfxNnFqi74g=
github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/libregraph/idm v0.3.1-0.20220315094434-e9a5cff3dd05 h1:/I4f6c7ZGw16oTBAyhCD9Tf+arBHGvmxL9Drs/KRkRc=
github.com/libregraph/idm v0.3.1-0.20220315094434-e9a5cff3dd05/go.mod h1:YQ21AOfZPcCZWX1uJYULZ8hNdrmxStg6egvXaS+ZvOM=
github.com/libregraph/lico v0.54.1-0.20220325072321-31efc3995d63 h1:oPqyRePmq+59YF1tAur7WXuM/z/epRd+HGGyPPx2Vv8=
@@ -885,7 +872,6 @@ github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v1.14.10/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
@@ -990,10 +976,6 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 h1:D9EvfGQvlkKaDr2CRKN++7HbSXbefUNDrPq60T+g24s=
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484/go.mod h1:O1EljZ+oHprtxDDPHiMWVo/5dBT6PlvWX5PSwj80aBA=
github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba h1:DO8NFYdcRv1dnyAINJIBm6Bw2XibtLvQniNFGzf2W8E=
github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba/go.mod h1:4S0XndRL8HNOaQBfdViJ2F/GPCgL524xlXRuXFH12/U=
github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI=
github.com/nrdcg/desec v0.5.0/go.mod h1:2ejvMazkav1VdDbv2HeQO7w+Ta1CGHqzQr27ZBYTuEQ=
github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ=
@@ -1025,7 +1007,6 @@ github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1y
github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
@@ -1066,7 +1047,6 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=
github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs=
github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
github.com/prometheus/alertmanager v0.24.0 h1:HBWR3lk4uy3ys+naDZthDdV7yEsxpaNeZuUS+hJgrOw=
github.com/prometheus/alertmanager v0.24.0/go.mod h1:r6fy/D7FRuZh5YbnX6J3MBY0eI4Pb5yPYS7/bPSXXqI=
@@ -1123,12 +1103,6 @@ github.com/prometheus/statsd_exporter v0.22.4/go.mod h1:N4Z1+iSqc9rnxlT1N8Qn3l65
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA=
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
github.com/rickb777/date v1.12.4/go.mod h1:xP0eo/I5qmUt97yRGClHZfyLZ3ikMw6v6SU5MOGZTE0=
github.com/rickb777/date v1.17.0 h1:Qk1MUtTLFfIWYhRaNRyk1t7LmjfkjOEELacQPsoh7Nw=
github.com/rickb777/date v1.17.0/go.mod h1:b3AnLwjEdg1YWLUFnAd/lUq3JDJmMRXi/Onm8q0zlQg=
github.com/rickb777/plural v1.2.0/go.mod h1:UdpyWFCGbo3mvK3f/PfZOAOrkjzJlYN/sD46XNWJ+Es=
github.com/rickb777/plural v1.4.1 h1:5MMLcbIaapLFmvDGRT5iPk8877hpTPt8Y9cdSKRw9sU=
github.com/rickb777/plural v1.4.1/go.mod h1:kdmXUpmKBJTS0FtG/TFumd//VBWsNTD7zOw7x4umxNw=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -1286,10 +1260,6 @@ github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd
github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=
github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
github.com/yaegashi/msgraph.go v0.1.1-0.20200221123608-2d438cf2a7cc/go.mod h1:tso14hwzqX4VbnWTNsxiL0DvMb2OwbGISFA7jDibdWc=
github.com/yaegashi/msgraph.go v0.1.4 h1:leDXSczAbwBpYFSmmZrdByTiPoUw8dbTfNMetAjJvbw=
github.com/yaegashi/msgraph.go v0.1.4/go.mod h1:vgeYhHa5skJt/3lTyjGXThTZhwbhRnGo6uUxzoJIGME=
github.com/yaegashi/wtz.go v0.0.2/go.mod h1:nOLA5QXsmdkRxBkP5tljhua13ADHCKirLBrzPf4PEJc=
github.com/yosuke-furukawa/json5 v0.1.1/go.mod h1:sw49aWDqNdRJ6DYUtIQiaA3xyj2IL9tjeNYmX2ixwcU=
github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1516,7 +1486,6 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
@@ -1746,11 +1715,9 @@ golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWc
golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200529172331-a64b76657301/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200731060945-b5fad4ed8dd6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
@@ -1946,7 +1913,6 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
gopkg.in/Acconut/lockfile.v1 v1.1.0/go.mod h1:6UCz3wJ8tSFUsPR6uP/j8uegEtDuEEqFxlpi0JI4Umw=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/amz.v3 v3.0.0-20201001071545-24fc1eceb27b/go.mod h1:cE0dCGx2UfBTjLFlzEx4EXJUmoX6BXBoX9GjKOvqha4=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=


@@ -12,7 +12,6 @@ import (
authmachine "github.com/owncloud/ocis/v2/extensions/auth-machine/pkg/config"
frontend "github.com/owncloud/ocis/v2/extensions/frontend/pkg/config"
gateway "github.com/owncloud/ocis/v2/extensions/gateway/pkg/config"
glauth "github.com/owncloud/ocis/v2/extensions/glauth/pkg/config"
graphExplorer "github.com/owncloud/ocis/v2/extensions/graph-explorer/pkg/config"
graph "github.com/owncloud/ocis/v2/extensions/graph/pkg/config"
groups "github.com/owncloud/ocis/v2/extensions/groups/pkg/config"
@@ -83,7 +82,6 @@ type Config struct {
AuthMachine *authmachine.Config `yaml:"auth_machine"`
Frontend *frontend.Config `yaml:"frontend"`
Gateway *gateway.Config `yaml:"gateway"`
GLAuth *glauth.Config `yaml:"glauth"`
Graph *graph.Config `yaml:"graph"`
GraphExplorer *graphExplorer.Config `yaml:"graph_explorer"`
Groups *groups.Config `yaml:"groups"`


@@ -10,7 +10,6 @@ import (
authmachine "github.com/owncloud/ocis/v2/extensions/auth-machine/pkg/config/defaults"
frontend "github.com/owncloud/ocis/v2/extensions/frontend/pkg/config/defaults"
gateway "github.com/owncloud/ocis/v2/extensions/gateway/pkg/config/defaults"
glauth "github.com/owncloud/ocis/v2/extensions/glauth/pkg/config/defaults"
graphExplorer "github.com/owncloud/ocis/v2/extensions/graph-explorer/pkg/config/defaults"
graph "github.com/owncloud/ocis/v2/extensions/graph/pkg/config/defaults"
groups "github.com/owncloud/ocis/v2/extensions/groups/pkg/config/defaults"
@@ -51,7 +50,6 @@ func DefaultConfig() *Config {
AuthMachine: authmachine.DefaultConfig(),
Frontend: frontend.DefaultConfig(),
Gateway: gateway.DefaultConfig(),
GLAuth: glauth.DefaultConfig(),
Graph: graph.DefaultConfig(),
GraphExplorer: graphExplorer.DefaultConfig(),
Groups: groups.DefaultConfig(),


@@ -1,33 +0,0 @@
package command
import (
"fmt"
"github.com/owncloud/ocis/v2/extensions/glauth/pkg/command"
"github.com/owncloud/ocis/v2/ocis-pkg/config"
"github.com/owncloud/ocis/v2/ocis-pkg/config/parser"
"github.com/owncloud/ocis/v2/ocis/pkg/register"
"github.com/urfave/cli/v2"
)
// GLAuthCommand is the entrypoint for the glauth command.
func GLAuthCommand(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: cfg.GLAuth.Service.Name,
Usage: subcommandDescription(cfg.GLAuth.Service.Name),
Category: "extensions",
Before: func(c *cli.Context) error {
if err := parser.ParseConfig(cfg); err != nil {
fmt.Printf("%v", err)
return err
}
cfg.GLAuth.Commons = cfg.Commons
return nil
},
Subcommands: command.GetCommands(cfg.GLAuth),
}
}
func init() {
register.AddCommand(GLAuthCommand)
}


@@ -27,7 +27,6 @@ import (
authmachine "github.com/owncloud/ocis/v2/extensions/auth-machine/pkg/command"
frontend "github.com/owncloud/ocis/v2/extensions/frontend/pkg/command"
gateway "github.com/owncloud/ocis/v2/extensions/gateway/pkg/command"
glauth "github.com/owncloud/ocis/v2/extensions/glauth/pkg/command"
graphExplorer "github.com/owncloud/ocis/v2/extensions/graph-explorer/pkg/command"
graph "github.com/owncloud/ocis/v2/extensions/graph/pkg/command"
groups "github.com/owncloud/ocis/v2/extensions/groups/pkg/command"
@@ -111,7 +110,6 @@ func NewService(options ...Option) (*Service, error) {
s.ServicesRegistry[opts.Config.Settings.Service.Name] = settings.NewSutureService
s.ServicesRegistry[opts.Config.Nats.Service.Name] = nats.NewSutureService
s.ServicesRegistry[opts.Config.StorageSystem.Service.Name] = storageSystem.NewSutureService
s.ServicesRegistry[opts.Config.GLAuth.Service.Name] = glauth.NewSutureService
s.ServicesRegistry[opts.Config.Graph.Service.Name] = graph.NewSutureService
s.ServicesRegistry[opts.Config.GraphExplorer.Service.Name] = graphExplorer.NewSutureService
s.ServicesRegistry[opts.Config.IDM.Service.Name] = idm.NewSutureService
@@ -258,10 +256,6 @@ func (s *Service) generateRunSet(cfg *ociscfg.Config) {
}
for name := range s.ServicesRegistry {
// don't run glauth by default but keep the possibility to start it via cfg.Runtime.Extensions for now
if name == "glauth" {
continue
}
runset = append(runset, name)
}