B #2479 Always downcase username in LDAP auth driver (#2562)

2025-01-21 18:03:38 +03:00 · 2018-11-16 10:23:43 +01:00 · 2018-11-16 10:23:43 +01:00 · 70c7d5536e
commit 70c7d5536e
parent 311ca1d9da
2 changed files with 16 additions and 2 deletions
--- a/src/authm_mad/remotes/ldap/authenticate
+++ b/src/authm_mad/remotes/ldap/authenticate
@ -126,7 +126,7 @@ order.each do |name|

                    # authentication success
                    group_list = groups.join(' ')
-                    escaped_user = URI_PARSER.escape(user)
+                    escaped_user = URI_PARSER.escape(user).strip.downcase
                    escaped_secret = URI_PARSER.escape(user_name)

                    puts "ldap #{escaped_user} #{escaped_secret} #{group_list}"
--- a/src/onedb/fsck/user.rb
+++ b/src/onedb/fsck/user.rb
@ -10,10 +10,12 @@ module OneDBFsck

        @fixes_user = users_fix = {}

-        @db.fetch("SELECT oid,body,gid FROM user_pool") do |row|
+        name_seen = {}
+        @db.fetch("SELECT oid,body,gid,name FROM user_pool") do |row|
            doc = Nokogiri::XML(row[:body],nil,NOKOGIRI_ENCODING){|c| c.default_xml.noblanks}

            gid = doc.root.at_xpath('GID').text.to_i
+            auth_driver = doc.root.at_xpath('AUTH_DRIVER').text
            user_gid = gid
            user_gids = Set.new

@ -76,6 +78,18 @@ module OneDBFsck

                users_fix[row[:oid]] = {:body => doc.root.to_s, :gid => user_gid}
            end
+
+            if auth_driver == 'ldap'
+                if ! name_seen[row[:name].downcase]
+                    name_seen[row[:name].downcase] = [row[:oid] , row[:name]]
+                else
+                    log_error(
+                        "User id:#{row[:oid]} has conficting name #{row[:name]}, "<<
+                        "another user id:#{name_seen[row[:name].downcase][0]} "<<
+                        "with name #{name_seen[row[:name].downcase][1] } is present",
+                        repaired=false)
+                end
+            end
        end
    end