feature #1741: test every dn in x509 authentication

This patch was provided by Boris Parak <256254@mail.muni.cz> in http://dev.opennebula.org/issues/1741 Minor cosmetic changes
2025-03-21 14:50:08 +03:00 · 2013-02-18 17:52:17 +01:00 · 2013-02-18 17:52:17 +01:00 · 7b9c6561ea
commit 7b9c6561ea
parent efbaff9b9a
1 changed files with 14 additions and 2 deletions
--- a/src/cloud/common/CloudAuth.rb
+++ b/src/cloud/common/CloudAuth.rb
@ -134,9 +134,21 @@ class CloudAuth
    # password:: _String_ the password
    # [return] _Hash_ with the username
    def get_username(password)
-        xpath = "USER[contains(PASSWORD, \"#{password}\")]/NAME"
+        xpath = "USER[PASSWORD=\"#{password}\"]/NAME"
+        username = retrieve_from_userpool(xpath)

-        retrieve_from_userpool(xpath)
+        # No exact match, trying to match password with each
+        # of the pipe-separated DNs stored in USER/PASSWORD
+        if username.nil?
+            @lock.synchronize do
+                @user_pool.each do |user|
+                    return user["NAME"] if user["AUTH_DRIVER"] == "x509" &&
+                        user["PASSWORD"].split('|').include?(password)
+                end
+            end
+        end
+
+        username
    end

    private