
Don't do stupid things like use a dn as a pattern

Also add metadata fields in objects created on initialization
Alex 9 months ago
parent
commit
8a605f44b0
5 changed files with 16 additions and 12 deletions
  1. +8
    -2
      acl.go
  2. +1
    -1
      gobottin.hcl.example
  3. +7
    -4
      main.go
  4. +0
    -2
      read.go
  5. +0
    -3
      write.go

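--- a/acl.go
+++ b/acl.go
@@ -87,8 +87,14 @@ func (entry *ACLEntry) Check(login *Login, action string, target string, attribu
 }
 }
 
-rule_target_with_self := strings.ReplaceAll(entry.target, "SELF", login.user)
-if !match(rule_target_with_self, target) {
+matchTarget := match(entry.target, target)
+if !matchTarget && len(target) >= len(login.user) {
+start := len(target) - len(login.user)
+if target[start:] == login.user {
+matchTarget = match(entry.target, target[:start]+"SELF")
+}
+}
+if !matchTarget {
 return false
 }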
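Review bot: The suffix test at `if target[start:] == login.user {` accepts any target whose trailing bytes equal the bound user's DN without requiring the match to start at an RDN boundary, so a DN whose last RDN value merely ends with the user's DN text (RFC 4514 does not require `=` to be escaped inside a value, e.g. `cn=xcn=bob,dc=example` against user `cn=bob,dc=example`) is rewritten to `cn=x` + `SELF` and evaluated against the SELF rule; whether that is exploitable depends on the rule pattern and on `match`, but the boundary check costs nothing. Require a separator before the suffix, or an exact match: `if target[start:] == login.user && (start == 0 || target[start-1] == ',') {`. The compare is also byte-exact while LDAP DN equality ignores case and insignificant whitespace, so if targets arrive unnormalised from the client, both sides should be normalised (the file set has a `parseDN` in main.go) before this compare, or the check documented as assuming canonical DNs. `Check` starts before this hunk and continues after it.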



+ 1
- 1
gobottin.hcl.example View File

@@ -12,7 +12,7 @@ job "directory" {
task "server" {
driver = "docker"
config {
image = "lxpz/gobottin_amd64:3"
image = "lxpz/gobottin_amd64:5"
readonly_rootfs = true
port_map {
ldap_port = 1389


+ 7
- 4
main.go View File

@@ -205,6 +205,9 @@ func (server *Server) init() error {
base_attributes := Entry{
"objectClass": []string{"top", "dcObject", "organization"},
"structuralObjectClass": []string{"Organization"},
ATTR_CREATORSNAME: []string{server.config.Suffix},
ATTR_CREATETIMESTAMP: []string{genTimestamp()},
ATTR_ENTRYUUID: []string{genUuid()},
}
suffix_dn, err := parseDN(server.config.Suffix)
if err != nil {
@@ -227,9 +230,11 @@ func (server *Server) init() error {
"objectClass": []string{"simpleSecurityObject", "organizationalRole"},
"description": []string{"LDAP administrator"},
"cn": []string{"admin"},
ATTR_USERPASSWORD: []string{admin_pass_hash},
"structuralObjectClass": []string{"organizationalRole"},
"permissions": []string{"read", "write"},
ATTR_USERPASSWORD: []string{admin_pass_hash},
ATTR_CREATORSNAME: []string{server.config.Suffix},
ATTR_CREATETIMESTAMP: []string{genTimestamp()},
ATTR_ENTRYUUID: []string{genUuid()},
}

err = server.addElements(admin_dn, admin_attributes)
@@ -373,5 +378,3 @@ func (server *Server) handleBindInternal(state *State, r *message.BindRequest) (
}
return ldap.LDAPResultInvalidCredentials, nil
}
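Review bot: The three operational attributes added to both entry literals (`ATTR_CREATORSNAME`, `ATTR_CREATETIMESTAMP`, `ATTR_ENTRYUUID`) are spelled out verbatim twice; a small helper such as `func setInitMetadata(attrs Entry, creator string)` that assigns the three keys, called once after each literal, would keep the base and admin entries from drifting apart as more operational attributes are added. Setting `ATTR_CREATORSNAME` to `server.config.Suffix` for the admin entry also deserves a comment, since creatorsName conventionally names the DN that added the entry and the suffix is the base object rather than an identity; a line like `// entries created at init are attributed to the suffix DN, there is no bound user yet` would make the choice explicit. Whether handleAdd/handleModify reject client-supplied values for these same operational attributes is not visible in this commit and is worth confirming, since client-chosen entryUUID or createTimestamp values would undermine the metadata being introduced here.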



+ 0
- 2
read.go View File

@@ -8,7 +8,6 @@ import (
message "github.com/vjeantet/goldap/message"
)


// Compare request -------------------------

func (server *Server) handleCompare(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
@@ -62,7 +61,6 @@ func (server *Server) handleCompareInternal(state *State, r *message.CompareRequ
return ldap.LDAPResultCompareFalse, nil
}


// Search request -------------------------

func (server *Server) handleSearch(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {


+ 0
- 3
write.go View File

@@ -8,7 +8,6 @@ import (
message "github.com/vjeantet/goldap/message"
)


// Add request ------------------------

func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
@@ -149,7 +148,6 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
return ldap.LDAPResultSuccess, nil
}


// Delete request ------------------------

func (server *Server) handleDelete(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
@@ -279,7 +277,6 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
return ldap.LDAPResultSuccess, nil
}


// Modify request ------------------------

func (server *Server) handleModify(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {

