forked from Deuxfleurs/bottin
Forbid "/" in DN
This commit is contained in:
parent
7e4079b3d8
commit
c7534dd06b
1 changed files with 47 additions and 14 deletions
61
main.go
61
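--- a/main.go
+++ b/main.go
@@ -16,7 +16,11 @@ import (
 message "github.com/vjeantet/goldap/message"
 )
 
-func dnToConsul(dn string) string {
+func dnToConsul(dn string) (string, error) {
+if strings.Contains(dn, "/") {
+return "", fmt.Errorf("DN %s contains a /", dn)
+}
+
 rdns := strings.Split(dn, ",")
 
 // Reverse rdns
@@ -24,7 +28,7 @@ func dnToConsul(dn string) string {
 rdns[i], rdns[j] = rdns[j], rdns[i]
 }
 
-return strings.Join(rdns, "/")
+return strings.Join(rdns, "/"), nil
 }
 
 func consulToDN(pair *consul.KVPair) (string, string, []byte) {
@@ -173,7 +177,12 @@ func main() {
 }
 
 func (server *Server) init() error {
-pair, _, err := server.kv.Get(dnToConsul(server.config.Suffix)+"/attribute=objectClass", nil)
+path, err := dnToConsul(server.config.Suffix)
+if err != nil {
+return err
+}
+
+pair, _, err := server.kv.Get(path+"/attribute=objectClass", nil)
 if err != nil {
 return err
 }
@@ -227,7 +236,11 @@ func (server *Server) init() error {
 }
 
 func (server *Server) addElements(dn string, attrs Entry) error {
-prefix := dnToConsul(dn)
+prefix, err := dnToConsul(dn)
+if err != nil {
+return err
+}
+
 for k, v := range attrs {
 json, err := json.Marshal(v)
 if err != nil {
@@ -243,7 +256,12 @@ func (server *Server) addElements(dn string, attrs Entry) error {
 }
 
 func (server *Server) getAttribute(dn string, attr string) ([]string, error) {
-pair, _, err := server.kv.Get(dnToConsul(dn) + "/attribute=" + attr, nil)
+path, err := dnToConsul(dn)
+if err != nil {
+return nil, err
+}
+
+pair, _, err := server.kv.Get(path + "/attribute=" + attr, nil)
 if err != nil {
 return nil, err
 }
@@ -256,9 +274,12 @@ func (server *Server) getAttribute(dn string, attr string) ([]string, error) {
 }
 
 func (server *Server) objectExists(dn string) (bool, error) {
-prefix := dnToConsul(dn) + "/"
+prefix, err := dnToConsul(dn)
+if err != nil {
+return false, err
+}
 
-data, _, err := server.kv.List(prefix, nil)
+data, _, err := server.kv.List(prefix + "/", nil)
 if err != nil {
 return false, err
 }
@@ -343,9 +364,12 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 if err != nil {
 return ldap.LDAPResultInvalidDNSyntax, err
 }
-basePath := dnToConsul(baseObject) + "/"
+basePath, err := dnToConsul(baseObject)
+if err != nil {
+return ldap.LDAPResultInvalidDNSyntax, err
+}
 
-data, _, err := server.kv.List(basePath, nil)
+data, _, err := server.kv.List(basePath + "/", nil)
 if err != nil {
 return ldap.LDAPResultOperationsError, err
 }
@@ -354,7 +378,7 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 if err != nil {
 return ldap.LDAPResultOperationsError, err
 }
-log.Printf("in %s: %#v", basePath, data)
+log.Printf("in %s: %#v", basePath + "/", data)
 log.Printf("%#v", entries)
 
 for dn, entry := range entries {
@@ -631,8 +655,12 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 // TODO check user for permissions to write dn
 
 // Check that this LDAP entry exists and has no children
-path := dnToConsul(dn) + "/"
-items, _, err := server.kv.List(path, nil)
+path, err := dnToConsul(dn)
+if err != nil {
+return ldap.LDAPResultInvalidDNSyntax, err
+}
+
+items, _, err := server.kv.List(path + "/", nil)
 if err != nil {
 return ldap.LDAPResultOperationsError, err
 }
@@ -655,7 +683,7 @@ func (server *Server) handleDeleteInternal(state *State, r *message.DelRequest)
 }
 
 // Delete the LDAP entry
-_, err = server.kv.DeleteTree(path, nil)
+_, err = server.kv.DeleteTree(path + "/", nil)
 if err != nil {
 return ldap.LDAPResultOperationsError, err
 }
@@ -712,7 +740,12 @@ func (server *Server) handleModifyInternal(state *State, r *message.ModifyReques
 // TODO check user for permissions to write dn
 
 // Retrieve previous values (by the way, check object exists)
-items, _, err := server.kv.List(dnToConsul(dn) + "/attribute=", nil)
+path, err := dnToConsul(dn)
+if err != nil {
+return ldap.LDAPResultInvalidDNSyntax, err
+}
+
+items, _, err := server.kv.List(path + "/attribute=", nil)
 if err != nil {
 return ldap.LDAPResultOperationsError, err
 }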
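Review bot: The new guard in dnToConsul (first hunk) rejects only a literal "/", so a DN with an empty RDN (a doubled comma, or a leading or trailing one) still maps to a Consul key with an empty path segment such as `b//a`, and an empty DN maps to the bare key prefix that every other entry lives under; since `rdns` is already split on the next line, the same function could return an error for any `rdn == ""` before joining. The DN is also interpolated into the error with `%s`; `%q` keeps whitespace and control characters visible wherever that error is logged or returned: `return "", fmt.Errorf("DN %q contains a /", dn)`. A one-line doc comment on dnToConsul stating that it returns the reversed RDN list joined with "/" and rejects DNs containing "/" would make the contract explicit for the six call sites the later hunks touch.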