From 05fd9d3f096e53bcf80b73345d6fa567fbf017e6 Mon Sep 17 00:00:00 2001
From: Sandro Santilli <strk@kbt.io>
Date: Mon, 7 Nov 2016 17:38:43 +0100
Subject: [PATCH] Security protocols

---
 models/login_source.go    | 10 +++++-----
 modules/auth/ldap/ldap.go | 10 +++++-----
 routers/admin/auths.go    | 10 +++++-----
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/models/login_source.go b/models/login_source.go
index 3140d35c54..f3d4b2b96f 100644
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -44,9 +44,9 @@ var LoginNames = map[LoginType]string{
 }
 
 var SecurityProtocolNames = map[ldap.SecurityProtocol]string{
-	ldap.SECURITY_PROTOCOL_UNENCRYPTED: "Unencrypted",
-	ldap.SECURITY_PROTOCOL_LDAPS:       "LDAPS",
-	ldap.SECURITY_PROTOCOL_START_TLS:   "StartTLS",
+	ldap.SecurityProtocolUnencrypted: "Unencrypted",
+	ldap.SecurityProtocolLdaps:       "LDAPS",
+	ldap.SecurityProtocolStartTls:   "StartTLS",
 }
 
 // Ensure structs implemented interface.
@@ -182,14 +182,14 @@ func (source *LoginSource) IsPAM() bool {
 
 func (source *LoginSource) HasTLS() bool {
 	return ((source.IsLDAP() || source.IsDLDAP()) &&
-		source.LDAP().SecurityProtocol > ldap.SECURITY_PROTOCOL_UNENCRYPTED) ||
+		source.LDAP().SecurityProtocol > ldap.SecurityProtocolUnencrypted) ||
 		source.IsSMTP()
 }
 
 func (source *LoginSource) UseTLS() bool {
 	switch source.Type {
 	case LoginLdap, LoginDldap:
-		return source.LDAP().SecurityProtocol != ldap.SECURITY_PROTOCOL_UNENCRYPTED
+		return source.LDAP().SecurityProtocol != ldap.SecurityProtocolUnencrypted
 	case LoginSmtp:
 		return source.SMTP().TLS
 	}
diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go
index b110fe6234..361ca5817f 100644
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -20,9 +20,9 @@ type SecurityProtocol int
 
 // Note: new type must be added at the end of list to maintain compatibility.
 const (
-	SECURITY_PROTOCOL_UNENCRYPTED SecurityProtocol = iota
-	SECURITY_PROTOCOL_LDAPS
-	SECURITY_PROTOCOL_START_TLS
+	SecurityProtocolUnencrypted SecurityProtocol = iota
+	SecurityProtocolLdaps
+	SecurityProtocolStartTls
 )
 
 // Basic LDAP authentication service
@@ -118,7 +118,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
 		ServerName:         ls.Host,
 		InsecureSkipVerify: ls.SkipVerify,
 	}
-	if ls.SecurityProtocol == SECURITY_PROTOCOL_LDAPS {
+	if ls.SecurityProtocol == SecurityProtocolLdaps {
 		return ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ls.Host, ls.Port), tlsCfg)
 	}
 
@@ -127,7 +127,7 @@ func dial(ls *Source) (*ldap.Conn, error) {
 		return nil, fmt.Errorf("Dial: %v", err)
 	}
 
-	if ls.SecurityProtocol == SECURITY_PROTOCOL_START_TLS {
+	if ls.SecurityProtocol == SecurityProtocolStartTls {
 		if err = conn.StartTLS(tlsCfg); err != nil {
 			conn.Close()
 			return nil, fmt.Errorf("StartTLS: %v", err)
diff --git a/routers/admin/auths.go b/routers/admin/auths.go
index 7fbd1296a2..39c028ee07 100644
--- a/routers/admin/auths.go
+++ b/routers/admin/auths.go
@@ -54,9 +54,9 @@ var (
 		{models.LoginNames[models.LoginPam], models.LoginPam},
 	}
 	securityProtocols = []dropdownItem{
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
+		{models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted], ldap.SecurityProtocolUnencrypted},
+		{models.SecurityProtocolNames[ldap.SecurityProtocolLdaps], ldap.SecurityProtocolLdaps},
+		{models.SecurityProtocolNames[ldap.SecurityProtocolStartTls], ldap.SecurityProtocolStartTls},
 	}
 )
 
@@ -67,7 +67,7 @@ func NewAuthSource(ctx *context.Context) {
 
 	ctx.Data["type"] = models.LoginLdap
 	ctx.Data["CurrentTypeName"] = models.LoginNames[models.LoginLdap]
-	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
+	ctx.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocolUnencrypted]
 	ctx.Data["smtp_auth"] = "PLAIN"
 	ctx.Data["is_active"] = true
 	ctx.Data["AuthSources"] = authSources
@@ -127,7 +127,7 @@ func NewAuthSourcePost(ctx *context.Context, form auth.AuthenticationForm) {
 	switch models.LoginType(form.Type) {
 	case models.LoginLdap, models.LoginDldap:
 		config = parseLDAPConfig(form)
-		hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
+		hasTLS = ldap.SecurityProtocol(form.SecurityProtocol) > ldap.SecurityProtocolUnencrypted
 	case models.LoginSmtp:
 		config = parseSMTPConfig(form)
 		hasTLS = true