Skip to content

Commit

Permalink
Add trustmodel deny (#7)
Browse files Browse the repository at this point in the history
  • Loading branch information
@iavael
iavael authored Jun 9, 2021
1 parent 5d5464d commit cda04ae
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions access.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ type TrustModel uint8
const (
tmFull TrustModel = iota
tmHost
tmDeny
)

type hostInterface interface {
Expand Down Expand Up @@ -56,6 +57,8 @@ func checkAccess(user string, host hostInterface, entries []*ldap.Entry) bool {
case "byhost":
debugLog("TrustModel is 'ByHost'")
tmodel = tmHost
case "deny":
tmodel = tmDeny
default:
logger.Warn("Unknown trustmodel \"%s\" in DN %s, assuming \"ByHost\"", tm[0], entry.DN)
}
Expand All @@ -64,6 +67,10 @@ func checkAccess(user string, host hostInterface, entries []*ldap.Entry) bool {
tmodel = tmHost
}

if tmodel == tmDeny {
logger.Info("User %s has 'deny' trustmodel", user)
return false
}
if tmodel == tmFull {
logger.Info("Granting access to user %s by trustmodel \"FullAccess\"", user)
return true
Expand Down

0 comments on commit cda04ae

Please sign in to comment.