mirror of https://github.com/OpenNebula/one.git synced 2025-03-16 22:50:10 +03:00

Revert "B #4111: Fail LDAP auth if user casing differs (#4663)"

This reverts commit b23a3713a6dacaaa9e1d1e0ed9de1291d4702345.
Ruben S. Montero 2020-05-13 19:10:42 +02:00
parent 65b2f9a3b7
commit b82249f1fa
No known key found for this signature in database
GPG Key ID: A0CEA6FA880A1D87
2 changed files with 11 additions and 22 deletions


@ -54,6 +54,7 @@ begin
xml.initialize_xml(STDIN.read, 'AUTHN')
user = URI_PARSER.unescape(xml['/AUTHN/USERNAME'])
pass = URI_PARSER.unescape(xml['/AUTHN/PASSWORD'])
secret = URI_PARSER.unescape(xml['/AUTHN/SECRET'])
rescue
STDERR.puts "Invalid XML input"
@ -105,19 +106,13 @@ order.each do |name|
Timeout.timeout(timeout) do
ldap=OpenNebula::LdapAuth.new(server_conf)
user_dn, user_uid, user_group_name = ldap.find_user(user)
user_name, user_group_name = ldap.find_user(user)
if !user_dn
if !user_name
STDERR.puts "User #{user} not found"
break
end
if user_uid != user
STDERR.puts "User \"#{user}\" has different "\
"casing in LDAP \"#{user_uid}\""
break
end
if server_conf[:group]
if !ldap.is_in_group?(user_group_name, server_conf[:group])
STDERR.puts "User #{user} is not in group #{server_conf[:group]}"
@ -125,7 +120,7 @@ order.each do |name|
end
end
if ldap.authenticate(user_dn, secret)
if ldap.authenticate(user_name, secret)
groups = ldap.get_groups
if groups.empty?
if !server_conf[:mapping_default]
@ -138,9 +133,8 @@ order.each do |name|
# authentication success
group_list = groups.join(' ')
escaped_user = URI_PARSER.escape(user).strip.downcase
escaped_secret = URI_PARSER.escape(user_dn)
escaped_secret = URI_PARSER.escape(user_name)
puts "ldap #{escaped_user} #{escaped_secret} #{group_list}"
exit
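Review bot: With the `user_uid != user` comparison gone, the `find_user` hunk accepts whatever spelling of the login the directory search matches, and the only normalisation left is `.strip.downcase` on `escaped_user` in the last hunk, which nothing on the page explains. If the directory matches the user field case-insensitively (likely, but not shown here), `Alice` and `alice` both authenticate and the name the driver reports can differ from the one that was submitted. A comment above the `puts` would record the intent, e.g. `# LDAP matches logins case-insensitively; the name is reported lowercased so case variants map to one account`. The local `user_name` actually receives the DN returned by `find_user` and is emitted as the secret field, so `user_dn` would be the clearer name. The `order.each` block starts and ends outside these hunks.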


@ -64,8 +64,9 @@ class OpenNebula::LdapAuth
}
end
# always fetch user_filed to compare casing
@options[:attributes] << @options[:user_field]
if !@options[:rfc2307bis]
@options[:attributes] << @options[:user_field]
end
# fetch the user group field only if we need that
if @options[:group] or !@options[:rfc2307bis]
@ -142,21 +143,15 @@ class OpenNebula::LdapAuth
if result && result.first
@user = result.first
[@user.dn,
@user[@options[:user_field]].first,
@user[@options[:user_group_field]]
]
[@user.dn, @user[@options[:user_group_field]]]
else
result=@ldap.search(:base => name)
if result && result.first
@user = result.first
[name,
@user[@options[:user_field]].first,
@user[@options[:user_group_field]]]
[name, @user[@options[:user_group_field]]]
else
[nil, nil, nil]
[nil, nil]
end
end
end
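Review bot: In the fallback branch of the last hunk the first element returned is the caller-supplied `name`, not the entry's own DN, so the value later used to bind and (judging by the driver hunks) printed as the secret field is unnormalised input rather than the directory's canonical form. Returning `[@user.dn, @user[@options[:user_group_field]]]` in both branches would presumably keep that value stable across case or spacing variants of the same entry. The method also carries no comment stating that it returns `[dn, group_field_values]` or `[nil, nil]`, which the caller destructures positionally; a one-line comment above the method would help. The method's definition line lies outside the hunk.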