Don't do stupid things like use a dn as a pattern
Also add metadata fields in objects created on initialization
This commit is contained in:
parent
e9fb34bb26
commit
8a605f44b0
5 changed files with 16 additions and 12 deletions
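--- a/acl.go
+++ b/acl.go
@@ -87,8 +87,14 @@ func (entry *ACLEntry) Check(login *Login, action string, target string, attribu
 		}
 	}
 
-	rule_target_with_self := strings.ReplaceAll(entry.target, "SELF", login.user)
-	if !match(rule_target_with_self, target) {
+	matchTarget := match(entry.target, target)
+	if !matchTarget && len(target) >= len(login.user) {
+		start := len(target) - len(login.user)
+		if target[start:] == login.user {
+			matchTarget = match(entry.target, target[:start]+"SELF")
+		}
+	}
+	if !matchTarget {
 		return false
 	}
 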
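Review bot: The SELF rewrite is entered unconditionally when login.user is empty: `len(target) >= 0` and `target[start:] == ""` are both trivially true, so an unauthenticated/anonymous Login would have every target re-matched as `target+"SELF"`; whether that grants anything depends on the configured patterns and on how match() treats the literal, but the guard is cheap: `if !matchTarget && login.user != "" && len(target) >= len(login.user) {`. The suffix test also ignores RDN boundaries — a target such as `xcn=bob,dc=x` ends with the DN `cn=bob,dc=x` and is rewritten to `xSELF`, which a pattern like `*SELF` would accept — so I would require the suffix to start at an RDN: `if target[start:] == login.user && (start == 0 || target[start-1] == ',') {`. The comparison is byte-exact (case-sensitive, no DN normalization); if the rest of the file compares DNs the same way that is consistent, but it deserves a comment such as `// SELF applies only when the target is the bound user's own DN (or a child of it), compared literally`. Check() begins before this hunk and continues after it.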
@ -12,7 +12,7 @@ job "directory" {
|
||||||
task "server" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "lxpz/gobottin_amd64:3"
|
image = "lxpz/gobottin_amd64:5"
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
port_map {
|
port_map {
|
||||||
ldap_port = 1389
|
ldap_port = 1389
|
||||||
|
|
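--- a/main.go
+++ b/main.go
@@ -205,6 +205,9 @@ func (server *Server) init() error {
 	base_attributes := Entry{
 		"objectClass": []string{"top", "dcObject", "organization"},
 		"structuralObjectClass": []string{"Organization"},
+		ATTR_CREATORSNAME: []string{server.config.Suffix},
+		ATTR_CREATETIMESTAMP: []string{genTimestamp()},
+		ATTR_ENTRYUUID: []string{genUuid()},
 	}
 	suffix_dn, err := parseDN(server.config.Suffix)
 	if err != nil {
@@ -227,9 +230,11 @@ func (server *Server) init() error {
 		"objectClass": []string{"simpleSecurityObject", "organizationalRole"},
 		"description": []string{"LDAP administrator"},
 		"cn": []string{"admin"},
-		ATTR_USERPASSWORD: []string{admin_pass_hash},
 		"structuralObjectClass": []string{"organizationalRole"},
-		"permissions": []string{"read", "write"},
+		ATTR_USERPASSWORD: []string{admin_pass_hash},
+		ATTR_CREATORSNAME: []string{server.config.Suffix},
+		ATTR_CREATETIMESTAMP: []string{genTimestamp()},
+		ATTR_ENTRYUUID: []string{genUuid()},
 	}
 
 	err = server.addElements(admin_dn, admin_attributes)
@@ -373,5 +378,3 @@ func (server *Server) handleBindInternal(state *State, r *message.BindRequest) (
 	}
 	return ldap.LDAPResultInvalidCredentials, nil
 }
-
-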
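Review bot: The second hunk silently drops `"permissions": []string{"read", "write"}` from the bootstrap admin entry while the commit message only mentions adding metadata; if any code path still authorizes on that attribute the admin account loses read/write on first start, and if the ACL rules in acl.go have replaced it, that should be stated in the message or in a comment next to admin_attributes, e.g. `// access for admin is granted by the ACL config, not by an attribute on the entry`. Both new entries also set ATTR_CREATORSNAME to `server.config.Suffix`, the base DN, rather than the DN of whoever created them — presumably deliberate for entries the server creates at init, but worth a one-line comment so nobody later "fixes" it to admin_dn. init() starts and ends outside this hunk.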
2
read.go
2
read.go
|
@ -8,7 +8,6 @@ import (
|
||||||
message "github.com/vjeantet/goldap/message"
|
message "github.com/vjeantet/goldap/message"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
// Compare request -------------------------
|
// Compare request -------------------------
|
||||||
|
|
||||||
func (server *Server) handleCompare(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
func (server *Server) handleCompare(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
||||||
|
@ -62,7 +61,6 @@ func (server *Server) handleCompareInternal(state *State, r *message.CompareRequ
|
||||||
return ldap.LDAPResultCompareFalse, nil
|
return ldap.LDAPResultCompareFalse, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Search request -------------------------
|
// Search request -------------------------
|
||||||
|
|
||||||
func (server *Server) handleSearch(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
func (server *Server) handleSearch(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
||||||
|
|
3
write.go
3
write.go
|
@ -8,7 +8,6 @@ import (
|
||||||
message "github.com/vjeantet/goldap/message"
|
message "github.com/vjeantet/goldap/message"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
// Add request ------------------------
|
// Add request ------------------------
|
||||||
|
|
||||||
func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
func (server *Server) handleAdd(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
||||||
|
@ -149,7 +148,6 @@ func (server *Server) handleAddInternal(state *State, r *message.AddRequest) (in
|
||||||
return ldap.LDAPResultSuccess, nil
|
return ldap.LDAPResultSuccess, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Delete request ------------------------
|
// Delete request ------------------------
|
||||||
|
|
||||||
func (server *Server) handleDelete(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
func (server *Server) handleDelete(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
||||||
|
@ -279,7 +277,6 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
|
||||||
return ldap.LDAPResultSuccess, nil
|
return ldap.LDAPResultSuccess, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Modify request ------------------------
|
// Modify request ------------------------
|
||||||
|
|
||||||
func (server *Server) handleModify(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
func (server *Server) handleModify(s ldap.UserState, w ldap.ResponseWriter, m *ldap.Message) {
|
||||||
|
|