diff --git a/internal/outpost/flow.go b/internal/outpost/flow.go
index 832e4fd51..97dbc2c7f 100644
--- a/internal/outpost/flow.go
+++ b/internal/outpost/flow.go
@@ -16,6 +16,7 @@ import (
 "goauthentik.io/api"
 "goauthentik.io/internal/constants"
 "goauthentik.io/internal/outpost/ak"
+ "goauthentik.io/internal/utils"
 )
 
 type StageComponent string
@@ -63,6 +64,8 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 Jar: jar,
 Transport: ak.NewTracingTransport(ctx, ak.GetTLSTransport()),
 }
+ token := strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]
+ config.AddDefaultHeader(HeaderAuthentikOutpostToken, token)
 apiClient := api.NewAPIClient(config)
 return &FlowExecutor{
 Params: url.Values{},
@@ -71,7 +74,7 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config
 api: apiClient,
 flowSlug: flowSlug,
 log: l,
- token: strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1],
+ token: token,
 sp: rsp,
 }
 }
@@ -87,13 +90,7 @@ type ChallengeInt interface {
 }
 
 func (fe *FlowExecutor) DelegateClientIP(a net.Addr) {
- host, _, err := net.SplitHostPort(a.String())
- if err != nil {
- fe.log.WithError(err).Warning("Failed to get remote IP")
- return
- }
- fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikRemoteIP, host)
- fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikOutpostToken, fe.token)
+ fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikRemoteIP, utils.GetIP(a))
 }
 
 func (fe *FlowExecutor) CheckApplicationAccess(appSlug string) (bool, error) {
diff --git a/internal/outpost/ldap/bind.go b/internal/outpost/ldap/bind.go
index f56e94f07..303fd5de3 100644
--- a/internal/outpost/ldap/bind.go
+++ b/internal/outpost/ldap/bind.go
@@ -9,6 +9,7 @@ import (
 "github.com/google/uuid"
 "github.com/nmcclain/ldap"
 log "github.com/sirupsen/logrus"
+ "goauthentik.io/internal/utils"
 )
 
 type BindRequest struct {
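Review bot: `strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1]` in NewFlowExecutor panics with an index-out-of-range when the Authorization entry is missing or holds no space, and this commit keeps that expression while moving it ahead of the API client construction. Splitting with a length check removes the panic: `parts := strings.SplitN(refConfig.DefaultHeader["Authorization"], " ", 2)` followed by using `parts[1]` only when `len(parts) == 2`, and logging through `l` otherwise so a missing outpost token is visible instead of being sent as an empty header. The function's signature and the start of its body are outside the hunk, so whether `l` is already defined at that point should be confirmed.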
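Review bot: DelegateClientIP now sets HeaderAuthentikRemoteIP unconditionally, so when utils.GetIP returns an empty string (any address that is not a *net.TCPAddr or *net.UDPAddr, see internal/utils/net.go in this commit) an empty client-IP header is sent upstream. The removed code logged a warning and skipped the header in the failure case, and the new code has no equivalent. If the server attributes requests to clients by this header, which is what its name suggests, an empty value would distort audit records silently. Keeping the guard restores the old behaviour.
```go
func (fe *FlowExecutor) DelegateClientIP(a net.Addr) {
	ip := utils.GetIP(a)
	if ip == "" {
		fe.log.Warning("Failed to get remote IP")
		return
	}
	fe.api.GetConfig().AddDefaultHeader(HeaderAuthentikRemoteIP, ip)
}
```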
@@ -33,7 +34,7 @@ func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LD
 BindDN: bindDN,
 BindPW: bindPW,
 conn: conn,
- log: ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", conn.RemoteAddr().String()),
+ log: ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", utils.GetIP(conn.RemoteAddr())),
 id: rid,
 ctx: span.Context(),
 }
diff --git a/internal/outpost/ldap/instance_bind.go b/internal/outpost/ldap/instance_bind.go
index d0df7c2a2..6f1d05a67 100644
--- a/internal/outpost/ldap/instance_bind.go
+++ b/internal/outpost/ldap/instance_bind.go
@@ -11,6 +11,7 @@ import (
 log "github.com/sirupsen/logrus"
 "goauthentik.io/api"
 "goauthentik.io/internal/outpost"
+ "goauthentik.io/internal/utils"
 )
 
 const ContextUserKey = "ak_user"
@@ -36,7 +37,7 @@ func (pi *ProviderInstance) getUsername(dn string) (string, error) {
 func (pi *ProviderInstance) Bind(username string, req BindRequest) (ldap.LDAPResultCode, error) {
 fe := outpost.NewFlowExecutor(req.ctx, pi.flowSlug, pi.s.ac.Client.GetConfig(), log.Fields{
 "bindDN": req.BindDN,
- "client": req.conn.RemoteAddr().String(),
+ "client": utils.GetIP(req.conn.RemoteAddr()),
 "requestId": req.id,
 })
 fe.DelegateClientIP(req.conn.RemoteAddr())
diff --git a/internal/outpost/ldap/search.go b/internal/outpost/ldap/search.go
index c4222cec8..34b634e5a 100644
--- a/internal/outpost/ldap/search.go
+++ b/internal/outpost/ldap/search.go
@@ -11,6 +11,7 @@ import (
 "github.com/google/uuid"
 "github.com/nmcclain/ldap"
 log "github.com/sirupsen/logrus"
+ "goauthentik.io/internal/utils"
 )
 
 type SearchRequest struct {
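Review bot: The `client` field of the Bind request logger now records only the IP, so the source port no longer appears in any field visible in these hunks. The same substitution is made for `"client"` in instance_bind.go and for the Search logger in search.go. When clients reach the outpost through NAT or a load balancer, the port is what lets a bind or search entry be matched to firewall or proxy logs during an investigation. If that correlation matters, keep the full address in a second field, for example `.WithField("clientAddr", conn.RemoteAddr().String())`. The enclosing Bind function starts and ends outside the hunk.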
@@ -35,7 +36,7 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
 SearchRequest: searchReq,
 BindDN: bindDN,
 conn: conn,
- log: ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", conn.RemoteAddr().String()).WithField("filter", searchReq.Filter).WithField("baseDN", searchReq.BaseDN),
+ log: ls.log.WithField("bindDN", bindDN).WithField("requestId", rid).WithField("client", utils.GetIP(conn.RemoteAddr())).WithField("filter", searchReq.Filter).WithField("baseDN", searchReq.BaseDN),
 id: rid,
 ctx: span.Context(),
 }
diff --git a/internal/utils/net.go b/internal/utils/net.go
new file mode 100644
index 000000000..79bf4c64e
--- /dev/null
+++ b/internal/utils/net.go
@@ -0,0 +1,13 @@
+package utils
+
+import "net"
+
+func GetIP(addr net.Addr) string {
+ switch addr := addr.(type) {
+ case *net.UDPAddr:
+ return addr.IP.String()
+ case *net.TCPAddr:
+ return addr.IP.String()
+ }
+ return ""
+}
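Review bot: GetIP is exported without a doc comment, and its contract is not obvious at the call sites that log or forward its result. It returns an empty string for every address type other than *net.TCPAddr and *net.UDPAddr, and IP.String() drops the port and any IPv6 zone. I would add `// GetIP returns the IP of addr without port or zone, or "" when addr is not a *net.TCPAddr or *net.UDPAddr.` above the function so callers know they must handle the empty case.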