Forbid "/" in DN

Alex 2020-01-19 22:27:54 +01:00
parent 7e4079b3d8
commit c7534dd06b
1 changed files with 47 additions and 14 deletions

61
main.go

@ -16,7 +16,11 @@ import (
message "github.com/vjeantet/goldap/message" message "github.com/vjeantet/goldap/message"
) )
func dnToConsul(dn string) string { func dnToConsul(dn string) (string, error) {
if strings.Contains(dn, "/") {
return "", fmt.Errorf("DN %s contains a /", dn)
}
rdns := strings.Split(dn, ",") rdns := strings.Split(dn, ",")
// Reverse rdns // Reverse rdns
@ -24,7 +28,7 @@ func dnToConsul(dn string) string {
rdns[i], rdns[j] = rdns[j], rdns[i] rdns[i], rdns[j] = rdns[j], rdns[i]
} }
return strings.Join(rdns, "/") return strings.Join(rdns, "/"), nil
} }
func consulToDN(pair *consul.KVPair) (string, string, []byte) { func consulToDN(pair *consul.KVPair) (string, string, []byte) {
@ -173,7 +177,12 @@ func main() {
} }
func (server *Server) init() error { func (server *Server) init() error {
pair, _, err := server.kv.Get(dnToConsul(server.config.Suffix)+"/attribute=objectClass", nil) path, err := dnToConsul(server.config.Suffix)
if err != nil {
return err
}
pair, _, err := server.kv.Get(path+"/attribute=objectClass", nil)
if err != nil { if err != nil {
return err return err
} }
@ -227,7 +236,11 @@ func (server *Server) init() error {
} }
func (server *Server) addElements(dn string, attrs Entry) error { func (server *Server) addElements(dn string, attrs Entry) error {
prefix := dnToConsul(dn) prefix, err := dnToConsul(dn)
if err != nil {
return err
}
for k, v := range attrs { for k, v := range attrs {
json, err := json.Marshal(v) json, err := json.Marshal(v)
if err != nil { if err != nil {
@ -243,7 +256,12 @@ func (server *Server) addElements(dn string, attrs Entry) error {
} }
func (server *Server) getAttribute(dn string, attr string) ([]string, error) { func (server *Server) getAttribute(dn string, attr string) ([]string, error) {
pair, _, err := server.kv.Get(dnToConsul(dn) + "/attribute=" + attr, nil) path, err := dnToConsul(dn)
if err != nil {
return nil, err
}
pair, _, err := server.kv.Get(path + "/attribute=" + attr, nil)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -256,9 +274,12 @@ func (server *Server) getAttribute(dn string, attr string) ([]string, error) {
} }
func (server *Server) objectExists(dn string) (bool, error) { func (server *Server) objectExists(dn string) (bool, error) {
prefix := dnToConsul(dn) + "/" prefix, err := dnToConsul(dn)
if err != nil {
return false, err
}
data, _, err := server.kv.List(prefix, nil) data, _, err := server.kv.List(prefix + "/", nil)
if err != nil { if err != nil {
return false, err return false, err
} }
@ -343,9 +364,12 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
if err != nil { if err != nil {
return ldap.LDAPResultInvalidDNSyntax, err return ldap.LDAPResultInvalidDNSyntax, err
} }
basePath := dnToConsul(baseObject) + "/" basePath, err := dnToConsul(baseObject)
if err != nil {
return ldap.LDAPResultInvalidDNSyntax, err
}
data, _, err := server.kv.List(basePath, nil) data, _, err := server.kv.List(basePath + "/", nil)
if err != nil { if err != nil {
return ldap.LDAPResultOperationsError, err return ldap.LDAPResultOperationsError, err
} }
@ -354,7 +378,7 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
if err != nil { if err != nil {
return ldap.LDAPResultOperationsError, err return ldap.LDAPResultOperationsError, err
} }
log.Printf("in %s: %#v", basePath, data) log.Printf("in %s: %#v", basePath + "/", data)
log.Printf("%#v", entries) log.Printf("%#v", entries)
for dn, entry := range entries { for dn, entry := range entries {
@ -631,8 +655,12 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
// TODO check user for permissions to write dn // TODO check user for permissions to write dn
// Check that this LDAP entry exists and has no children // Check that this LDAP entry exists and has no children
path := dnToConsul(dn) + "/" path, err := dnToConsul(dn)
items, _, err := server.kv.List(path, nil) if err != nil {
return ldap.LDAPResultInvalidDNSyntax, err
}
items, _, err := server.kv.List(path + "/", nil)
if err != nil { if err != nil {
return ldap.LDAPResultOperationsError, err return ldap.LDAPResultOperationsError, err
} }
@ -655,7 +683,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
} }
// Delete the LDAP entry // Delete the LDAP entry
_, err = server.kv.DeleteTree(path, nil) _, err = server.kv.DeleteTree(path + "/", nil)
if err != nil { if err != nil {
return ldap.LDAPResultOperationsError, err return ldap.LDAPResultOperationsError, err
} }
@ -712,7 +740,12 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
// TODO check user for permissions to write dn // TODO check user for permissions to write dn
// Retrieve previous values (by the way, check object exists) // Retrieve previous values (by the way, check object exists)
items, _, err := server.kv.List(dnToConsul(dn) + "/attribute=", nil) path, err := dnToConsul(dn)
if err != nil {
return ldap.LDAPResultInvalidDNSyntax, err
}
items, _, err := server.kv.List(path + "/attribute=", nil)
if err != nil { if err != nil {
return ldap.LDAPResultOperationsError, err return ldap.LDAPResultOperationsError, err
} }