From f5afa79d0a51b63006ee422b138f2f6aa17f7070 Mon Sep 17 00:00:00 2001
From: "kali kaneko (leap communications)" <kali@leap.se>
Date: Wed, 19 Aug 2020 19:46:19 +0200
Subject: [feat] passwordless-sip

---
 pkg/auth/sip2/auth.go   |  6 +++---
 pkg/auth/sip2/client.go | 27 ++++++++++++++++-----------
 2 files changed, 19 insertions(+), 14 deletions(-)

(limited to 'pkg/auth/sip2')

diff --git a/pkg/auth/sip2/auth.go b/pkg/auth/sip2/auth.go
index 72b94cd..0ee6cdd 100644
--- a/pkg/auth/sip2/auth.go
+++ b/pkg/auth/sip2/auth.go
@@ -53,7 +53,7 @@ func setupTerminatorFromEnv() {
 	}
 }
 
-func initializeSipConnection(skipConnect bool) (sipClient, error) {
+func initializeSipConnection(skipConnect bool, passwordPolicy string) (sipClient, error) {
 	log.Println("Initializing SIP2 authenticator")
 
 	user := getConfigFromEnv(sipUserVar, "")
@@ -64,7 +64,7 @@ func initializeSipConnection(skipConnect bool) (sipClient, error) {
 
 	setupTerminatorFromEnv()
 
-	sip := newClient(host, port, loc)
+	sip := newClient(host, port, loc, passwordPolicy)
 
 	if skipConnect {
 		// for testing purposes
@@ -81,7 +81,7 @@ func initializeSipConnection(skipConnect bool) (sipClient, error) {
 
 func GetAuthenticator(opts *config.Opts, skipConnect bool) *sipClient {
 
-	sip, err := initializeSipConnection(skipConnect)
+	sip, err := initializeSipConnection(skipConnect, opts.PasswordPolicy)
 	if err != nil {
 		log.Fatal("Cannot initialize sip:", err)
 	}
diff --git a/pkg/auth/sip2/client.go b/pkg/auth/sip2/client.go
index 567d908..ed7fc73 100644
--- a/pkg/auth/sip2/client.go
+++ b/pkg/auth/sip2/client.go
@@ -33,15 +33,16 @@ const (
 )
 
 type sipClient struct {
-	host          string
-	port          string
-	location      string
-	user          string
-	pass          string
-	conn          gote.Connection
-	heartBeatDone chan bool
-	reqQueue      chan request
-	parser        *Parser
+	host           string
+	port           string
+	location       string
+	passwordPolicy string
+	user           string
+	pass           string
+	conn           gote.Connection
+	heartBeatDone  chan bool
+	reqQueue       chan request
+	parser         *Parser
 }
 
 type request struct {
@@ -54,10 +55,10 @@ type response struct {
 	err error
 }
 
-func newClient(host, port, location string) sipClient {
+func newClient(host, port, location, passwordPolicy string) sipClient {
 	reqQ := make(chan request)
 	parser := getParser()
-	c := sipClient{host, port, location, "", "", nil, nil, reqQ, parser}
+	c := sipClient{host, port, location, passwordPolicy, "", "", nil, nil, reqQ, parser}
 	return c
 }
 
@@ -217,6 +218,10 @@ func (c *sipClient) CheckCredentials(credentials *creds.Credentials) (bool, erro
 		return false, err
 	}
 	if valid, err := isValidUser(statusMsg); valid {
+		if c.passwordPolicy == "ignore" {
+			// passwordless library
+			return true, nil
+		}
 		if valid, err := isValidPassword(statusMsg); valid {
 			return true, nil
 		} else {
-- 
cgit v1.2.3