Don't do stupid things like use a dn as a pattern

Also add metadata fields in objects created on initialization
3 years ago · 8a605f44b0
parent e9fb34bb26
commit 8a605f44b0
5 changed files with 16 additions and 12 deletions
--- a/acl.go
+++ b/acl.go
@ -87,8 +87,14 @@ func (entry *ACLEntry) Check(login *Login, action string, target string, attribu
 		}
 	}

-	rule_target_with_self := strings.ReplaceAll(entry.target, "SELF", login.user)
-	if !match(rule_target_with_self, target) {
+	matchTarget := match(entry.target, target)
+	if !matchTarget && len(target) >= len(login.user) {
+		start := len(target) - len(login.user)
+		if target[start:] == login.user {
+			matchTarget = match(entry.target, target[:start]+"SELF")
+		}
+	}
+	if !matchTarget {
 		return false
 	}

--- a/gobottin.hcl.example
+++ b/gobottin.hcl.example
@ -12,7 +12,7 @@ job "directory" {
    task "server" {
      driver = "docker"
      config {
-        image = "lxpz/gobottin_amd64:3"
+        image = "lxpz/gobottin_amd64:5"
        readonly_rootfs = true
        port_map {
          ldap_port = 1389
--- a/main.go
+++ b/main.go
@ -205,6 +205,9 @@ func (server *Server) init() error {
 	base_attributes := Entry{
 		"objectClass":           []string{"top", "dcObject", "organization"},
 		"structuralObjectClass": []string{"Organization"},
+		ATTR_CREATORSNAME:       []string{server.config.Suffix},
+		ATTR_CREATETIMESTAMP:    []string{genTimestamp()},
+		ATTR_ENTRYUUID:          []string{genUuid()},
 	}
 	suffix_dn, err := parseDN(server.config.Suffix)
 	if err != nil {
@ -227,9 +230,11 @@ func (server *Server) init() error {
 		"objectClass":           []string{"simpleSecurityObject", "organizationalRole"},
 		"description":           []string{"LDAP administrator"},
 		"cn":                    []string{"admin"},
-		ATTR_USERPASSWORD:       []string{admin_pass_hash},
 		"structuralObjectClass": []string{"organizationalRole"},
-		"permissions":           []string{"read", "write"},
+		ATTR_USERPASSWORD:       []string{admin_pass_hash},
+		ATTR_CREATORSNAME:       []string{server.config.Suffix},
+		ATTR_CREATETIMESTAMP:    []string{genTimestamp()},
+		ATTR_ENTRYUUID:          []string{genUuid()},
 	}

 	err = server.addElements(admin_dn, admin_attributes)
@ -373,5 +378,3 @@ func (server *Server) handleBindInternal(state *State, r *message.BindRequest) (
 	}
 	return ldap.LDAPResultInvalidCredentials, nil
 }
-
-
--- a/read.go
+++ b/read.go
@ -8,7 +8,6 @@ import (
 	message "github.com/vjeantet/goldap/message"
 )

-
 // Compare request -------------------------

 func (server *Server) handleCompare(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
@ -62,7 +61,6 @@ func (server *Server) handleCompareInternal(state *State, r *message.CompareRequ
 	return ldap.LDAPResultCompareFalse, nil
 }

-
 // Search request -------------------------

 func (server *Server) handleSearch(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
--- a/write.go
+++ b/write.go
@ -8,7 +8,6 @@ import (
 	message "github.com/vjeantet/goldap/message"
 )

-
 // Add request ------------------------

 func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
@ -149,7 +148,6 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
 	return ldap.LDAPResultSuccess, nil
 }

-
 // Delete request ------------------------

 func (server *Server) handleDelete(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
@ -279,7 +277,6 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 	return ldap.LDAPResultSuccess, nil
 }

-
 // Modify request ------------------------

 func (server *Server) handleModify(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {