From 4216d1553ac188bd920a1d4fcea5452bcf073d6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= Date: Wed, 19 Aug 2020 14:44:33 +0200 Subject: [PATCH] Fixed Regex LDAP accepting altClass as secondary search --- .../src/uds/auths/RegexLdap/authenticator.py | 24 +++++++++++++++++-- server/src/uds/core/util/ldaputil.py | 2 +- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/server/src/uds/auths/RegexLdap/authenticator.py b/server/src/uds/auths/RegexLdap/authenticator.py index 673394c6..2fd5b400 100644 --- a/server/src/uds/auths/RegexLdap/authenticator.py +++ b/server/src/uds/auths/RegexLdap/authenticator.py @@ -153,7 +153,7 @@ class RegexLdap(auths.Authenticator): res.append(attr) return res - def __processField(self, field: str, attributes: typing.Dict[str, typing.Any]) -> typing.List[str]: + def __processField(self, field: str, attributes: typing.MutableMapping[str, typing.Any]) -> typing.List[str]: res: typing.List[str] = [] logger.debug('Attributes: %s', attributes) for line in field.splitlines(): @@ -253,7 +253,7 @@ class RegexLdap(auths.Authenticator): @return: None if username is not found, an dictionary of LDAP entry attributes if found. @note: Active directory users contains the groups it belongs to in "memberOf" attribute """ - return ldaputil.getFirst( + user = ldaputil.getFirst( con=self.__connection(), base=self._ldapBase, objectClass=self._userClass, @@ -263,6 +263,26 @@ class RegexLdap(auths.Authenticator): sizeLimit=LDAP_RESULT_LIMIT ) + # If user attributes is split, that is, it has more than one "ldap entry", get a second entry filtering by a new attribute + # and add result attributes to "main" search. + # For example, you can have authentication in an "user" object class and attributes in an "user_attributes" object class. + # Note: This is very rare situation, but it ocurrs :) + if user and self._altClass: + altUser = ldaputil.getFirst( + con=self.__connection(), + base=self._ldapBase, + objectClass=self._altClass, + field=self._userIdAttr, + value=username, + attributes=[self._userIdAttr] + self.__getAttrsFromField(self._userNameAttr) + self.__getAttrsFromField(self._groupNameAttr), + sizeLimit=LDAP_RESULT_LIMIT + ) + if altUser: + user.update(altUser) + + return user + + def __getGroups(self, user: ldaputil.LDAPResultType): grps = self.__processField(self._groupNameAttr, user) if extra: diff --git a/server/src/uds/core/util/ldaputil.py b/server/src/uds/core/util/ldaputil.py index 94a6e887..05442e40 100644 --- a/server/src/uds/core/util/ldaputil.py +++ b/server/src/uds/core/util/ldaputil.py @@ -40,7 +40,7 @@ from uds.core.util import tools logger = logging.getLogger(__name__) -LDAPResultType = typing.Dict[str, typing.Any] +LDAPResultType = typing.MutableMapping[str, typing.Any] class LDAPError(Exception): @staticmethod