105 lines
2.8 KiB
Go
105 lines
2.8 KiB
Go
|
package main
|
||
|
|
|
||
|
|
import (
|
||
|
|
"fmt"
|
||
|
|
"io/ioutil"
|
||
|
|
"os"
|
||
|
|
|
||
|
|
"gopkg.in/yaml.v2"
|
||
|
|
)
|
||
|
|
|
||
|
|
type (
|
||
|
|
/* *
|
||
|
|
* CONFIGURATION DATA *
|
||
|
|
* */
|
||
|
|
|
||
|
|
// UNIX socket configuration. This includes the full path to the socket
|
||
|
|
// as well as the group name and mode.
|
||
|
|
tSocketConfig struct {
|
||
|
|
Path string `yaml:"path"`
|
||
|
|
Group string `yaml:"group"`
|
||
|
|
Mode os.FileMode `yaml:"mode"`
|
||
|
|
}
|
||
|
|
|
||
|
|
// LDAP connection configuration, used for servers and as a way to specify
|
||
|
|
// defaults.
|
||
|
|
tLdapConnectionConfig struct {
|
||
|
|
Port uint16 `yaml:"port"`
|
||
|
|
TLS string `yaml:"tls"`
|
||
|
|
TLSNoVerify bool `yaml:"tls_skip_verify"`
|
||
|
|
CaChain string `yaml:"ca_chain"`
|
||
|
|
BindUser string `yaml:"bind_user"`
|
||
|
|
BindPassword string `yaml:"bind_password"`
|
||
|
|
}
|
||
|
|
|
||
|
|
// LDAP server configuration. This defines how to connect to a
|
||
|
|
// single, specific LDAP server.
|
||
|
|
tLdapServerConfig struct {
|
||
|
|
Host string `yaml:"host"`
|
||
|
|
tLdapConnectionConfig
|
||
|
|
}
|
||
|
|
|
||
|
|
// LDAP attributes and base DN configuration
|
||
|
|
tLdapStructureConfig struct {
|
||
|
|
BaseDN string `yaml:"base_dn"`
|
||
|
|
EndEntityCertificate string `yaml:"end_entity"`
|
||
|
|
CACertificate string `yaml:"ca_certificate"`
|
||
|
|
CAChaining string `yaml:"ca_chaining"`
|
||
|
|
}
|
||
|
|
|
||
|
|
// LDAP configuration: LDAP structure, connection defaults and server
|
||
|
|
// connections.
|
||
|
|
tLdapConfig struct {
|
||
|
|
Structure tLdapStructureConfig `yaml:"structure"`
|
||
|
|
Defaults tLdapConnectionConfig `yaml:"defaults"`
|
||
|
|
Servers []tLdapServerConfig `yaml:"servers"`
|
||
|
|
}
|
||
|
|
|
||
|
|
// Certificate file configuration.
|
||
|
|
tCertificateFileConfig struct {
|
||
|
|
Path string `yaml:"path"`
|
||
|
|
Mode os.FileMode `yaml:"mode"`
|
||
|
|
Owner string `yaml:"owner"`
|
||
|
|
Group string `yaml:"group"`
|
||
|
|
PrependFiles []string `yaml:"prepend_files"`
|
||
|
|
Certificate string `yaml:"certificate"`
|
||
|
|
CACertificates []string `yaml:"ca"`
|
||
|
|
CAChainOf string `yaml:"ca_chain_of"`
|
||
|
|
Reverse bool `yaml:"reverse"`
|
||
|
|
AppendFiles []string `yaml:"append_files"`
|
||
|
|
AfterUpdate []string `yaml:"after_update"`
|
||
|
|
}
|
||
|
|
|
||
|
|
// Main configuration.
|
||
|
|
tConfiguration struct {
|
||
|
|
Socket tSocketConfig `yaml:"socket"`
|
||
|
|
LdapConfig tLdapConfig `yaml:"ldap"`
|
||
|
|
Certificates []tCertificateFileConfig `yaml:"certificates"`
|
||
|
|
}
|
||
|
|
)
|
||
|
|
|
||
|
|
func defaultConfiguration() tConfiguration {
|
||
|
|
cfg := tConfiguration{}
|
||
|
|
cfg.Socket.Mode = 0640
|
||
|
|
cfg.LdapConfig.Defaults.Port = 389
|
||
|
|
cfg.LdapConfig.Defaults.TLS = "no"
|
||
|
|
return cfg
|
||
|
|
}
|
||
|
|
|
||
|
|
// Load and check the configuration file
|
||
|
|
func loadConfiguration(file string) (tConfiguration, error) {
|
||
|
|
cfg := defaultConfiguration()
|
||
|
|
|
||
|
|
cfgData, err := ioutil.ReadFile(file)
|
||
|
|
if err != nil {
|
||
|
|
return cfg, fmt.Errorf("Could not load configuration: %w", err)
|
||
|
|
}
|
||
|
|
|
||
|
|
err = yaml.Unmarshal(cfgData, &cfg)
|
||
|
|
if err != nil {
|
||
|
|
return cfg, fmt.Errorf("Could not parse configuration: %w", err)
|
||
|
|
}
|
||
|
|
|
||
|
|
return cfg, nil
|
||
|
|
}
|