From fc33496b492e77008f1dd56637a58a9db50d0404 Mon Sep 17 00:00:00 2001
From: tmfkams
Date: Mon, 20 Jan 2014 21:45:15 +0100
Subject: SSL/TLS with certificates
---
.gitignore | 2 ++
conn.go | 18 +++++++++---------
examples/searchSSL.go | 45 +++++++++++++++++++++++++++++++++++++++++++++
examples/searchTLS.go | 45 +++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 101 insertions(+), 9 deletions(-)
create mode 100644 examples/searchSSL.go
create mode 100644 examples/searchTLS.go
diff --git a/.gitignore b/.gitignore
index b33b5d8..87275bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 examples/modify
 examples/search
+examples/searchSSL
+examples/searchTLS
diff --git a/conn.go b/conn.go
index cfa8772..38d75f7 100644
--- a/conn.go
+++ b/conn.go
@@ -39,8 +39,8 @@ func Dial(network, addr string) (*Conn, *Error) {
 // Dial connects to the given address on the given network using net.Dial
 // and then sets up SSL connection and returns a new Conn for the connection.
-func DialSSL(network, addr string) (*Conn, *Error) {
- c, err := tls.Dial(network, addr, nil)
+func DialSSL(network, addr string, config *tls.Config) (*Conn, *Error) {
+ c, err := tls.Dial(network, addr, config)
 if err != nil {
 return nil, NewError(ErrorNetwork, err)
 }
@@ -53,14 +53,14 @@ func DialSSL(network, addr string) (*Conn, *Error) {
 // Dial connects to the given address on the given network using net.Dial
 // and then starts a TLS session and returns a new Conn for the connection.
-func DialTLS(network, addr string) (*Conn, *Error) {
+func DialTLS(network, addr string, config *tls.Config) (*Conn, *Error) {
 c, err := net.Dial(network, addr)
 if err != nil {
 return nil, NewError(ErrorNetwork, err)
 }
 conn := NewConn(c)
- if err := conn.startTLS(); err != nil {
+ if err := conn.startTLS(config); err != nil {
 conn.Close()
 return nil, NewError(ErrorNetwork, err.Err)
 }
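Review bot: The doc comment above DialSSL still opens with `// Dial connects ...` and says nothing about the new `config` parameter, in particular what a nil value means. Because it is handed straight to tls.Dial, nil gives the tls defaults: ServerName is inferred from addr and the server chain is verified against the system roots, so a caller who needs a private CA must supply `RootCAs`. Suggested comment: `// DialSSL connects to addr on network with tls.Dial and returns a new Conn. A nil config uses the tls defaults (ServerName taken from addr, chain verified against the system roots); set config.RootCAs to trust a private CA.` The DialTLS comment in the next hunk carries the same stale `// Dial connects` wording.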
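Review bot: DialTLS forwards config to `conn.startTLS(config)`, which in the startTLS hunk of this commit ends in `tls.Client(l.conn, config)`, but neither place sets `ServerName` when it is empty, and tls.Client, unlike tls.Dial, does not infer it from the address. With the nil config that the new searchTLS.go example passes, the outcome depends on the Go release: newer ones refuse the handshake because neither ServerName nor InsecureSkipVerify is set, while older ones (the check landed around Go 1.3, as far as I recall) verify the chain but never check the certificate's hostname. The fix belongs in DialTLS, where addr is known: take the host with net.SplitHostPort and set it on a copy of config before calling startTLS (on Go 1.8+ prefer `config.Clone()` to a struct copy). The body of DialTLS continues below this hunk.
```go
func DialTLS(network, addr string, config *tls.Config) (*Conn, *Error) {
	c, err := net.Dial(network, addr)
	if err != nil {
		return nil, NewError(ErrorNetwork, err)
	}
	// tls.Client does not infer ServerName from addr the way tls.Dial does;
	// without it the peer certificate's hostname is never checked (or the
	// handshake is refused on newer Go), so fill it in from addr here.
	if config == nil {
		config = &tls.Config{}
	}
	if config.ServerName == "" && !config.InsecureSkipVerify {
		host, _, err := net.SplitHostPort(addr)
		if err != nil {
			c.Close()
			return nil, NewError(ErrorNetwork, err)
		}
		cfg := *config // copy so the caller's config is not mutated (config.Clone() on Go 1.8+)
		cfg.ServerName = host
		config = &cfg
	}
	conn := NewConn(c)
	// … unchanged: startTLS call and its error handling …
```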
@@ -114,7 +114,7 @@ func (l *Conn) nextMessageID() (messageID uint64) {
 }
 // StartTLS sends the command to start a TLS session and then creates a new TLS Client
-func (l *Conn) startTLS() *Error {
+func (l *Conn) startTLS(config *tls.Config) *Error {
 messageID := l.nextMessageID()
 if l.isSSL {
@@ -123,9 +123,9 @@ func (l *Conn) startTLS() *Error {
 packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
 packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimative, ber.TagInteger, messageID, "MessageID"))
- startTLS := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationExtendedRequest, nil, "Start TLS")
- startTLS.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimative, 0, "1.3.6.1.4.1.1466.20037", "TLS Extended Command"))
- packet.AppendChild(startTLS)
+ request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationExtendedRequest, nil, "Start TLS")
+ request.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimative, 0, "1.3.6.1.4.1.1466.20037", "TLS Extended Command"))
+ packet.AppendChild(request)
 l.Debug.PrintPacket(packet)
 _, err := l.conn.Write(packet.Bytes())
@@ -146,7 +146,7 @@ func (l *Conn) startTLS() *Error {
 }
 if packet.Children[1].Children[0].Value.(uint64) == 0 {
- conn := tls.Client(l.conn, nil)
+ conn := tls.Client(l.conn, config)
 l.isSSL = true
 l.conn = conn
 }
diff --git a/examples/searchSSL.go b/examples/searchSSL.go
new file mode 100644
index 0000000..b05ad85
--- /dev/null
+++ b/examples/searchSSL.go
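Review bot: In the last hunk, `tls.Client(l.conn, config)` only wraps the socket and defers the handshake to the first Read or Write, so a certificate or hostname failure is not reported by startTLS but surfaces on the next LDAP operation as an unrelated-looking network error, after `l.isSSL` has already been set. Running the handshake before swapping the connection keeps the error where it belongs: `conn := tls.Client(l.conn, config)`, then `if err := conn.Handshake(); err != nil { return NewError(ErrorNetwork, err) }`, then the two existing assignments. The `packet.Children[1].Children[0].Value.(uint64)` chain on the line above panics rather than returning an error on a malformed response. The non-zero branch and the rest of startTLS lie outside this hunk, so I cannot tell whether a rejected StartTLS is reported to the caller or silently leaves the connection in plaintext; worth confirming.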
@@ -0,0 +1,45 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// File contains a search example
+package main
+
+import (
+ "fmt"
+ "github.com/tmfkams/ldap"
+ "log"
+)
+
+var (
+ LdapServer string = "localhost"
+ LdapPort uint16 = 636
+ BaseDN string = "dc=enterprise,dc=org"
+ Filter string = "(cn=kirkj)"
+ Attributes []string = []string{"mail"}
+)
+
+func main() {
+ l, err := ldap.DialSSL("tcp", fmt.Sprintf("%s:%d", LdapServer, LdapPort), nil)
+ if err != nil {
+ log.Fatalf("ERROR: %s\n", err.String())
+ }
+ defer l.Close()
+ // l.Debug = true
+
+ search := ldap.NewSearchRequest(
+ BaseDN,
+ ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+ Filter,
+ Attributes,
+ nil)
+
+ sr, err := l.Search(search)
+ if err != nil {
+ log.Fatalf("ERROR: %s\n", err.String())
+ return
+ }
+
+ log.Printf("Search: %s -> num of entries = %d\n", search.Filter, len(sr.Entries))
+ sr.PrettyPrint(0)
+}
diff --git a/examples/searchTLS.go b/examples/searchTLS.go
new file mode 100644
index 0000000..b8dc1c6
--- /dev/null
+++ b/examples/searchTLS.go
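Review bot: The `return` after `log.Fatalf` in the Search error branch is unreachable, since Fatalf exits the process; the same line appears in searchTLS.go in the next hunk. The example also passes a nil config, so nothing here shows the "with certificates" part of the subject; a reader looking for how to trust a private CA would be helped by a comment on the DialSSL line such as `// nil uses the tls defaults; pass a *tls.Config with RootCAs set to a CertPool to trust a private CA`. The header comment `// File contains a search example` is copied from the plain search example and could read `// File contains a search example over an SSL (LDAPS) connection`.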
@@ -0,0 +1,45 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// File contains a search example
+package main
+
+import (
+ "fmt"
+ "github.com/tmfkams/ldap"
+ "log"
+)
+
+var (
+ LdapServer string = "localhost"
+ LdapPort uint16 = 389
+ BaseDN string = "dc=enterprise,dc=org"
+ Filter string = "(cn=kirkj)"
+ Attributes []string = []string{"mail"}
+)
+
+func main() {
+ l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", LdapServer, LdapPort), nil)
+ if err != nil {
+ log.Fatalf("ERROR: %s\n", err.String())
+ }
+ defer l.Close()
+ // l.Debug = true
+
+ search := ldap.NewSearchRequest(
+ BaseDN,
+ ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
+ Filter,
+ Attributes,
+ nil)
+
+ sr, err := l.Search(search)
+ if err != nil {
+ log.Fatalf("ERROR: %s\n", err.String())
+ return
+ }
+
+ log.Printf("Search: %s -> num of entries = %d\n", search.Filter, len(sr.Entries))
+ sr.PrettyPrint(0)
+}
--
cgit v1.2.3