Commit 03dc27f8 authored by Francesc Guasch's avatar Francesc Guasch

fix(auth): posix group set with a dn

issue #1319
parent 3efea1c3
......@@ -367,17 +367,35 @@ sub add_to_group {
=cut
sub _search_posix_group($self, $name) {
my $base = 'ou=groups,'._dc_base();
my $field = 'cn';
if ($name =~ /(.*?)=(.*)/) {
$field = $1;
$name = $2;
if ($name =~ /(.*?),(.*)/) {
$name = $1;
$base = $2;
}
}
my @posix_group = search_user (
name => $name
,base => $base
,field => $field
);
warn "WARNING: found too many entries for posix_group $name"
.Dumper([map {$_->dn } @posix_group])
if (scalar @posix_group > 1);
return $posix_group[0];
}
sub login($self) {
my $user_ok;
my $allowed;
my $posix_group_name = $$CONFIG->{ldap}->{ravada_posix_group};
if ($posix_group_name) {
my ($posix_group) = search_user (
name => $posix_group_name
,field => 'cn'
, base => 'ou=groups,'._dc_base()
);
my $posix_group = $self->_search_posix_group($posix_group_name);
if (!$posix_group) {
warn "Warning: posix group $posix_group_name not found";
return;
......
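Review bot: `_search_posix_group` only warns when the search returns more than one entry and then returns `$posix_group[0]`, and `login` uses that entry as the group that gates access, so an ambiguous match silently picks whichever entry the server listed first. For an authorization check it would be safer to fail closed, e.g. add `return if scalar @posix_group > 1;` after the warning, which lands in the existing "not found" branch of `login`. The DN handling also splits on the first `=` and the first `,` with unanchored regexes, so an RDN value containing an escaped comma would be cut short; `search_user` is not visible here, but if it can do a base-scope lookup on the full DN that would avoid both problems. The body of `login` continues outside the hunk.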
......@@ -264,7 +264,23 @@ sub test_user_bind {
}
sub _init_config($file_config, $with_admin, $with_posix_group, $with_filter = 0) {
sub _init_config(%arg) {
my $with_admin = delete $arg{with_admin};
my $with_filter = ( delete $arg{with_filter} or 0 );
my $file_config = delete $arg{file_config};
my $with_posix_group = delete $arg{with_posix_group};
my $with_dn_posix_group = delete $arg{with_dn_posix_group};
my $with_cn_posix_group = delete $arg{with_cn_posix_group};
confess "Error: unknown args ".Dumper(\%arg) if keys %arg;
my $ravada_posix_group = $RAVADA_POSIX_GROUP;
if ( $with_dn_posix_group ) {
my ($entry) = _search_ldap($ravada_posix_group);
$ravada_posix_group = $entry->dn;
} elsif ( $with_cn_posix_group ) {
$ravada_posix_group = "cn=$ravada_posix_group";
}
if ( ! -e $file_config) {
my $config = {
ldap => {
......@@ -272,7 +288,7 @@ sub _init_config($file_config, $with_admin, $with_posix_group, $with_filter = 0)
,base => "dc=example,dc=com"
,admin_group => $ADMIN_GROUP
,auth => 'match'
,ravada_posix_group => $RAVADA_POSIX_GROUP
,ravada_posix_group => $ravada_posix_group
}
};
DumpFile($file_config,$config);
......@@ -280,11 +296,8 @@ sub _init_config($file_config, $with_admin, $with_posix_group, $with_filter = 0)
my $config = LoadFile($file_config);
delete $config->{ldap}->{admin_group} if !$with_admin;
if ($with_posix_group) {
if ( !exists $config->{ldap}->{ravada_posix_group}
|| !$config->{ldap}->{ravada_posix_group}) {
$config->{ldap}->{ravada_posix_group} = $RAVADA_POSIX_GROUP;
diag("Adding ravada_posix_group = $RAVADA_POSIX_GROUP in $file_config");
}
$config->{ldap}->{ravada_posix_group} = $ravada_posix_group;
diag("Adding ravada_posix_group = $ravada_posix_group in $file_config");
} else {
delete $config->{ldap}->{ravada_posix_group};
}
......@@ -339,6 +352,13 @@ sub _add_posix_group {
return $group[0];
}
sub _search_ldap($cn) {
my $ldap = Ravada::Auth::LDAP::_init_ldap_admin();
my $mesg = $ldap->search( filter => "cn=$cn" );
my @found = $mesg->entries;
return @found;
}
sub _add_to_posix_group($user_name, $with_posix_group) {
my $group = _add_posix_group();
......@@ -364,7 +384,7 @@ sub _add_to_posix_group($user_name, $with_posix_group) {
sub test_filter {
my $file_config = "t/etc/ravada_ldap.conf";
my $fly_config = _init_config($file_config, 0, 0, 1);
my $fly_config = _init_config(file_config => $file_config, with_filter => 1);
SKIP: {
my $ravada;
eval { $ravada = Ravada->new(config => $fly_config
......@@ -528,7 +548,16 @@ SKIP: {
my $file_config = "t/etc/ravada_ldap.conf";
for my $with_posix_group (0,1) {
for my $with_admin (0,1) {
my $fly_config = _init_config($file_config, $with_admin, $with_posix_group);
for my $with_dn_posix_group (0,1) {
next if !$with_posix_group;
for my $with_cn_posix_group (0,1) {
my $fly_config = _init_config(
file_config => $file_config
,with_admin => $with_admin
,with_posix_group => $with_posix_group
,with_dn_posix_group => $with_dn_posix_group
,with_cn_posix_group => $with_cn_posix_group
);
my $ravada = Ravada->new(config => $fly_config
, connector => connector);
$ravada->_install();
......@@ -570,6 +599,8 @@ SKIP: {
unlink($fly_config) if -e $fly_config;
}
}
}
}
};
end();
......
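Review bot: In the nested test loops, `next if !$with_posix_group;` sits directly inside the `for my $with_dn_posix_group (0,1)` loop, so both of its iterations are skipped whenever `$with_posix_group` is 0 and the configuration without `ravada_posix_group` appears to be no longer exercised at all. That path (the `delete $config->{ldap}->{ravada_posix_group}` branch in `_init_config`) is the one where login is not restricted to a group, so it is worth keeping covered. Skipping only the meaningless combinations keeps it: `next if $with_dn_posix_group && !$with_posix_group;` here and `next if $with_cn_posix_group && !$with_posix_group;` in the inner loop. The loop bodies run beyond the visible hunks, so this is inferred from the lines shown.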