mirror of
https://github.com/go-gitea/gitea
synced 2025-07-14 22:47:21 +00:00
Add single sign-on support via SSPI on Windows (#8463)
* Add single sign-on support via SSPI on Windows * Ensure plugins implement interface * Ensure plugins implement interface * Move functions used only by the SSPI auth method to sspi_windows.go * Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected * Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links. * Update documentation for the new 'SPNEGO with SSPI' login source * Mention in documentation that ROOT_URL should contain the FQDN of the server * Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing) * Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources) * Add option in SSPIConfig for removing of domains from logon names * Update helper text for StripDomainNames option * Make sure handleSignIn() is called after a new user object is created by SSPI auth method * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Remove default value from text of form field helper Co-Authored-By: Lauris BH <lauris@nix.lv> * Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates * Remove code duplication * Log errors in ActiveLoginSources Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert suffix of randomly generated E-mails for Reverse proxy authentication Co-Authored-By: Lauris BH <lauris@nix.lv> * Revert unneeded white-space change in template Co-Authored-By: Lauris BH <lauris@nix.lv> * Add copyright comments at the top of new files * Use loopback name for randomly generated emails * Add locale tag for the SSPISeparatorReplacement field with proper casing * Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields * Update docs/content/doc/features/authentication.en-us.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Remove Priority() method and define the order in which SSO auth methods should be executed in one place * Log authenticated username only if it's not empty * Rephrase helper text for automatic creation of users * Return error if more than one active SSPI auth source is found * Change newUser() function to return error, letting caller log/handle the error * Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed * Refactor initialization of the list containing SSO auth methods * Validate SSPI settings on POST * Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page * Make 'Default language' in SSPI config empty, unless changed by admin * Show error if admin tries to add a second authentication source of type SSPI * Simplify declaration of global variable * Rebuild gitgraph.js on Linux * Make sure config values containing only whitespace are not accepted
This commit is contained in:
QuaSoft
Lauris BH
45
vendor/golang.org/x/sys/windows/syscall_windows.go
generated
vendored
45
vendor/golang.org/x/sys/windows/syscall_windows.go
generated
vendored
@ -57,6 +57,10 @@ const (
|
||||
FILE_VOLUME_IS_COMPRESSED = 0x00008000
|
||||
FILE_VOLUME_QUOTAS = 0x00000020
|
||||
|
||||
// Flags for LockFileEx.
|
||||
LOCKFILE_FAIL_IMMEDIATELY = 0x00000001
|
||||
LOCKFILE_EXCLUSIVE_LOCK = 0x00000002
|
||||
|
||||
// Return values of SleepEx and other APC functions
|
||||
STATUS_USER_APC = 0x000000C0
|
||||
WAIT_IO_COMPLETION = STATUS_USER_APC
|
||||
@ -136,6 +140,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
|
||||
//sys LoadLibraryEx(libname string, zero Handle, flags uintptr) (handle Handle, err error) = LoadLibraryExW
|
||||
//sys FreeLibrary(handle Handle) (err error)
|
||||
//sys GetProcAddress(module Handle, procname string) (proc uintptr, err error)
|
||||
//sys GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW
|
||||
//sys GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW
|
||||
//sys GetVersion() (ver uint32, err error)
|
||||
//sys FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
|
||||
//sys ExitProcess(exitcode uint32)
|
||||
@ -160,6 +166,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
|
||||
//sys DeleteFile(path *uint16) (err error) = DeleteFileW
|
||||
//sys MoveFile(from *uint16, to *uint16) (err error) = MoveFileW
|
||||
//sys MoveFileEx(from *uint16, to *uint16, flags uint32) (err error) = MoveFileExW
|
||||
//sys LockFileEx(file Handle, flags uint32, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error)
|
||||
//sys UnlockFileEx(file Handle, reserved uint32, bytesLow uint32, bytesHigh uint32, overlapped *Overlapped) (err error)
|
||||
//sys GetComputerName(buf *uint16, n *uint32) (err error) = GetComputerNameW
|
||||
//sys GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) = GetComputerNameExW
|
||||
//sys SetEndOfFile(handle Handle) (err error)
|
||||
@ -173,13 +181,11 @@ func NewCallbackCDecl(fn interface{}) uintptr {
|
||||
//sys CancelIoEx(s Handle, o *Overlapped) (err error)
|
||||
//sys CreateProcess(appName *uint16, commandLine *uint16, procSecurity *SecurityAttributes, threadSecurity *SecurityAttributes, inheritHandles bool, creationFlags uint32, env *uint16, currentDir *uint16, startupInfo *StartupInfo, outProcInfo *ProcessInformation) (err error) = CreateProcessW
|
||||
//sys OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (handle Handle, err error)
|
||||
//sys ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) = shell32.ShellExecuteW
|
||||
//sys ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) [failretval<=32] = shell32.ShellExecuteW
|
||||
//sys shGetKnownFolderPath(id *KNOWNFOLDERID, flags uint32, token Token, path **uint16) (ret error) = shell32.SHGetKnownFolderPath
|
||||
//sys TerminateProcess(handle Handle, exitcode uint32) (err error)
|
||||
//sys GetExitCodeProcess(handle Handle, exitcode *uint32) (err error)
|
||||
//sys GetStartupInfo(startupInfo *StartupInfo) (err error) = GetStartupInfoW
|
||||
//sys GetCurrentProcess() (pseudoHandle Handle, err error)
|
||||
//sys GetCurrentThread() (pseudoHandle Handle, err error)
|
||||
//sys GetProcessTimes(handle Handle, creationTime *Filetime, exitTime *Filetime, kernelTime *Filetime, userTime *Filetime) (err error)
|
||||
//sys DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error)
|
||||
//sys WaitForSingleObject(handle Handle, waitMilliseconds uint32) (event uint32, err error) [failretval==0xffffffff]
|
||||
@ -284,6 +290,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
|
||||
//sys FindNextVolumeMountPoint(findVolumeMountPoint Handle, volumeMountPoint *uint16, bufferLength uint32) (err error) = FindNextVolumeMountPointW
|
||||
//sys FindVolumeClose(findVolume Handle) (err error)
|
||||
//sys FindVolumeMountPointClose(findVolumeMountPoint Handle) (err error)
|
||||
//sys GetDiskFreeSpaceEx(directoryName *uint16, freeBytesAvailableToCaller *uint64, totalNumberOfBytes *uint64, totalNumberOfFreeBytes *uint64) (err error) = GetDiskFreeSpaceExW
|
||||
//sys GetDriveType(rootPathName *uint16) (driveType uint32) = GetDriveTypeW
|
||||
//sys GetLogicalDrives() (drivesBitMask uint32, err error) [failretval==0]
|
||||
//sys GetLogicalDriveStrings(bufferLength uint32, buffer *uint16) (n uint32, err error) [failretval==0] = GetLogicalDriveStringsW
|
||||
@ -296,6 +303,10 @@ func NewCallbackCDecl(fn interface{}) uintptr {
|
||||
//sys SetVolumeLabel(rootPathName *uint16, volumeName *uint16) (err error) = SetVolumeLabelW
|
||||
//sys SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err error) = SetVolumeMountPointW
|
||||
//sys MessageBox(hwnd Handle, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) [failretval==0] = user32.MessageBoxW
|
||||
//sys ExitWindowsEx(flags uint32, reason uint32) (err error) = user32.ExitWindowsEx
|
||||
//sys InitiateSystemShutdownEx(machineName *uint16, message *uint16, timeout uint32, forceAppsClosed bool, rebootAfterShutdown bool, reason uint32) (err error) = advapi32.InitiateSystemShutdownExW
|
||||
//sys SetProcessShutdownParameters(level uint32, flags uint32) (err error) = kernel32.SetProcessShutdownParameters
|
||||
//sys GetProcessShutdownParameters(level *uint32, flags *uint32) (err error) = kernel32.GetProcessShutdownParameters
|
||||
//sys clsidFromString(lpsz *uint16, pclsid *GUID) (ret error) = ole32.CLSIDFromString
|
||||
//sys stringFromGUID2(rguid *GUID, lpsz *uint16, cchMax int32) (chars int32) = ole32.StringFromGUID2
|
||||
//sys coCreateGuid(pguid *GUID) (ret error) = ole32.CoCreateGuid
|
||||
@ -305,6 +316,34 @@ func NewCallbackCDecl(fn interface{}) uintptr {
|
||||
|
||||
// syscall interface implementation for other packages
|
||||
|
||||
// GetCurrentProcess returns the handle for the current process.
|
||||
// It is a pseudo handle that does not need to be closed.
|
||||
// The returned error is always nil.
|
||||
//
|
||||
// Deprecated: use CurrentProcess for the same Handle without the nil
|
||||
// error.
|
||||
func GetCurrentProcess() (Handle, error) {
|
||||
return CurrentProcess(), nil
|
||||
}
|
||||
|
||||
// CurrentProcess returns the handle for the current process.
|
||||
// It is a pseudo handle that does not need to be closed.
|
||||
func CurrentProcess() Handle { return Handle(^uintptr(1 - 1)) }
|
||||
|
||||
// GetCurrentThread returns the handle for the current thread.
|
||||
// It is a pseudo handle that does not need to be closed.
|
||||
// The returned error is always nil.
|
||||
//
|
||||
// Deprecated: use CurrentThread for the same Handle without the nil
|
||||
// error.
|
||||
func GetCurrentThread() (Handle, error) {
|
||||
return CurrentThread(), nil
|
||||
}
|
||||
|
||||
// CurrentThread returns the handle for the current thread.
|
||||
// It is a pseudo handle that does not need to be closed.
|
||||
func CurrentThread() Handle { return Handle(^uintptr(2 - 1)) }
|
||||
|
||||
// GetProcAddressByOrdinal retrieves the address of the exported
|
||||
// function from module by ordinal.
|
||||
func GetProcAddressByOrdinal(module Handle, ordinal uintptr) (proc uintptr, err error) {
|
||||
|
||||
Reference in New Issue
Block a user