LDAP: numeric uid/gid fallback to nobody(99) (cs3org#1848)
butonic authored and root committed Jul 1, 2021
1 parent 8634a12 commit 79694d1
Showing 4 changed files with 79 additions and 28 deletions.
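--- a/changelog/unreleased/ldap-nobody-fallback.md
+++ b/changelog/unreleased/ldap-nobody-fallback.md
@@ -0,0 +1,5 @@
+Bugfix: Fill in missing gid/uid number with nobody
+
+When an LDAP server does not provide numeric uid or gid properties for a user we now fall back to a configurable `nobody` id (default 99).
+
+https://github.com/cs3org/reva/pull/1848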
26 changes: 19 additions & 7 deletions pkg/auth/manager/ldap/ldap.go
@@ -60,6 +60,7 @@ type config struct {
Idp string `mapstructure:"idp"`
GatewaySvc string `mapstructure:"gatewaysvc"`
Schema attributes `mapstructure:"schema"`
Nobody int64 `mapstructure:"nobody"`
}

type attributes struct {
@@ -116,6 +117,9 @@ func New(m map[string]interface{}) (auth.Manager, error) {
c.LoginFilter = c.UserFilter
c.LoginFilter = strings.ReplaceAll(c.LoginFilter, "%s", "{{login}}")
}
if c.Nobody == 0 {
c.Nobody = 99
}

c.GatewaySvc = sharedconf.GetGatewaySVC(c.GatewaySvc)

@@ -184,13 +188,21 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
if getGroupsResp.Status.Code != rpc.Code_CODE_OK {
return nil, nil, errors.Wrap(err, "ldap: grpc getting user groups failed")
}
gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber), 10, 64)
if err != nil {
return nil, nil, err
}
uidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber), 10, 64)
if err != nil {
return nil, nil, err
gidNumber := am.c.Nobody
gidValue := sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber)
if gidValue != "" {
gidNumber, err = strconv.ParseInt(gidValue, 10, 64)
if err != nil {
return nil, nil, err
}
}
uidNumber := am.c.Nobody
uidValue := sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber)
if uidValue != "" {
uidNumber, err = strconv.ParseInt(uidValue, 10, 64)
if err != nil {
return nil, nil, err
}
}
u := &user.User{
Id: userID,
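Review bot: In Authenticate, an entry with no uidNumber or gidNumber attribute now authenticates with `am.c.Nobody` for both ids, silently, so every such account shares one numeric identity; the same fallback is applied in GetGroup, GetUser, GetUserByClaim and FindUsers in the other two files. Any component that makes ownership or access decisions on the numeric uid would see these users as the same principal; whether one does is not visible from this page. I would log the fallback at warning level with the user's id, and document on the field what the value must be, e.g. `// Nobody is the uid/gid assigned when the LDAP entry has no numeric id; it must not belong to a real or privileged account.` The default in New only replaces 0, so a negative `nobody` is accepted as is; `if c.Nobody <= 0 { c.Nobody = 99 }` would reject it. Authenticate's body starts and ends outside the hunk.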
11 changes: 8 additions & 3 deletions pkg/group/manager/ldap/ldap.go
@@ -61,6 +61,7 @@ type config struct {
BindPassword string `mapstructure:"bind_password"`
Idp string `mapstructure:"idp"`
Schema attributes `mapstructure:"schema"`
Nobody int64 `mapstructure:"nobody"`
}

type attributes struct {
@@ -173,9 +174,13 @@ func (m *manager) GetGroup(ctx context.Context, gid *grouppb.GroupId) (*grouppb.
if err != nil {
return nil, err
}
gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber), 10, 64)
if err != nil {
return nil, err
gidNumber := m.c.Nobody
gidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber)
if gidValue != "" {
gidNumber, err = strconv.ParseInt(gidValue, 10, 64)
if err != nil {
return nil, err
}
}

g := &grouppb.Group{
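Review bot: This file adds the `Nobody` field and uses `m.c.Nobody` in GetGroup, but unlike the auth and user managers it has no hunk that sets the default in New, and the file's 8 additions are all accounted for by the field and the GetGroup block. With `nobody` unset the field stays 0, so a group without a gidNumber would be reported with gid 0 rather than the documented 99, unless the default is applied somewhere not shown. I would add `if c.Nobody == 0 { c.Nobody = 99 }` to this package's New after the config is decoded. GetGroup's body starts and ends outside the hunk.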
65 changes: 47 additions & 18 deletions pkg/user/manager/ldap/ldap.go
@@ -60,6 +60,7 @@ type config struct {
BindPassword string `mapstructure:"bind_password"`
Idp string `mapstructure:"idp"`
Schema attributes `mapstructure:"schema"`
Nobody int64 `mapstructure:"nobody"`
}

type attributes struct {
@@ -116,6 +117,10 @@ func New(m map[string]interface{}) (user.Manager, error) {
}
c.GroupFilter = strings.ReplaceAll(c.GroupFilter, "%s", "{{.OpaqueId}}")

if c.Nobody == 0 {
c.Nobody = 99
}

mgr := &manager{
c: c,
}
@@ -176,13 +181,21 @@ func (m *manager) GetUser(ctx context.Context, uid *userpb.UserId) (*userpb.User
if err != nil {
return nil, err
}
gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber), 10, 64)
if err != nil {
return nil, err
gidNumber := m.c.Nobody
gidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber)
if gidValue != "" {
gidNumber, err = strconv.ParseInt(gidValue, 10, 64)
if err != nil {
return nil, err
}
}
uidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.UIDNumber), 10, 64)
if err != nil {
return nil, err
uidNumber := m.c.Nobody
uidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.UIDNumber)
if uidValue != "" {
uidNumber, err = strconv.ParseInt(uidValue, 10, 64)
if err != nil {
return nil, err
}
}
u := &userpb.User{
Id: id,
@@ -255,13 +268,21 @@ func (m *manager) GetUserByClaim(ctx context.Context, claim, value string) (*use
if err != nil {
return nil, err
}
gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber), 10, 64)
if err != nil {
return nil, err
gidNumber := m.c.Nobody
gidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber)
if gidValue != "" {
gidNumber, err = strconv.ParseInt(gidValue, 10, 64)
if err != nil {
return nil, err
}
}
uidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.UIDNumber), 10, 64)
if err != nil {
return nil, err
uidNumber := m.c.Nobody
uidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.UIDNumber)
if uidValue != "" {
uidNumber, err = strconv.ParseInt(uidValue, 10, 64)
if err != nil {
return nil, err
}
}
u := &userpb.User{
Id: id,
@@ -315,13 +336,21 @@ func (m *manager) FindUsers(ctx context.Context, query string) ([]*userpb.User,
if err != nil {
return nil, err
}
gidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber), 10, 64)
if err != nil {
return nil, err
gidNumber := m.c.Nobody
gidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber)
if gidValue != "" {
gidNumber, err = strconv.ParseInt(gidValue, 10, 64)
if err != nil {
return nil, err
}
}
uidNumber, err := strconv.ParseInt(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.UIDNumber), 10, 64)
if err != nil {
return nil, err
uidNumber := m.c.Nobody
uidValue := sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.UIDNumber)
if uidValue != "" {
uidNumber, err = strconv.ParseInt(uidValue, 10, 64)
if err != nil {
return nil, err
}
}
user := &userpb.User{
Id: id,
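Review bot: In FindUsers the new fallback block still reads `sr.Entries[0]` for both gidValue and uidValue; if this code runs once per search result (the loop is outside the hunk, so this is inferred from the function returning a slice), every returned user gets the numeric ids of the first entry, or the nobody fallback decided by that first entry. The ids should come from the entry being converted. The same parse-or-fallback block is now repeated in GetUser, GetUserByClaim and FindUsers and in the auth and group managers, so a small helper that takes the attribute value and the fallback would keep the empty-versus-malformed handling in one place. All three function bodies start and end outside their hunks.

```go
// numericID returns fallback when the LDAP attribute is absent and
// fails on a value that is present but not a base-10 integer.
func numericID(value string, fallback int64) (int64, error) {
	if value == "" {
		return fallback, nil
	}
	return strconv.ParseInt(value, 10, 64)
}

// … unchanged: search and error handling in GetUser …
gidNumber, err := numericID(sr.Entries[0].GetEqualFoldAttributeValue(m.c.Schema.GIDNumber), m.c.Nobody)
if err != nil {
	return nil, err
}
```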
