LDAP group DN should be case insensitive
Fix issue #5776: LDAP servers are case insensitive. Because the LDAP group DN is only used in compare/equal operations, lowercase every LDAP group DN when it is retrieved from the LDAP server, and lowercase it before saving it in the DB. Signed-off-by: stonezdj <stonezdj@gmail.com>
parent
5427c0064c
commit
9dca49ba6e
@ -15,7 +15,9 @@
|
|||||||
package dao
|
package dao
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/goharbor/harbor/src/common"
|
||||||
"github.com/goharbor/harbor/src/common/models"
|
"github.com/goharbor/harbor/src/common/models"
|
||||||
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AuthModeCanBeModified determines whether auth mode can be
|
// AuthModeCanBeModified determines whether auth mode can be
|
||||||
@ -51,6 +53,9 @@ func GetConfigEntries() ([]*models.ConfigEntry, error) {
|
|||||||
func SaveConfigEntries(entries []models.ConfigEntry) error {
|
func SaveConfigEntries(entries []models.ConfigEntry) error {
|
||||||
o := GetOrmer()
|
o := GetOrmer()
|
||||||
for _, entry := range entries {
|
for _, entry := range entries {
|
||||||
|
if entry.Key == common.LdapGroupAdminDn {
|
||||||
|
entry.Value = utils.TrimLower(entry.Value)
|
||||||
|
}
|
||||||
tempEntry := models.ConfigEntry{}
|
tempEntry := models.ConfigEntry{}
|
||||||
tempEntry.Key = entry.Key
|
tempEntry.Key = entry.Key
|
||||||
tempEntry.Value = entry.Value
|
tempEntry.Value = entry.Value
|
||||||
|
@ -19,6 +19,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/goharbor/harbor/src/common"
|
"github.com/goharbor/harbor/src/common"
|
||||||
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
|
|
||||||
"github.com/goharbor/harbor/src/common/dao"
|
"github.com/goharbor/harbor/src/common/dao"
|
||||||
"github.com/goharbor/harbor/src/common/models"
|
"github.com/goharbor/harbor/src/common/models"
|
||||||
@ -33,7 +34,7 @@ func AddUserGroup(userGroup models.UserGroup) (int, error) {
|
|||||||
var id int
|
var id int
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
|
|
||||||
err := o.Raw(sql, userGroup.GroupName, userGroup.GroupType, userGroup.LdapGroupDN, now, now).QueryRow(&id)
|
err := o.Raw(sql, userGroup.GroupName, userGroup.GroupType, utils.TrimLower(userGroup.LdapGroupDN), now, now).QueryRow(&id)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
@ -59,7 +60,7 @@ func QueryUserGroup(query models.UserGroup) ([]*models.UserGroup, error) {
|
|||||||
|
|
||||||
if len(query.LdapGroupDN) != 0 {
|
if len(query.LdapGroupDN) != 0 {
|
||||||
sql += ` and ldap_group_dn = ? `
|
sql += ` and ldap_group_dn = ? `
|
||||||
sqlParam = append(sqlParam, query.LdapGroupDN)
|
sqlParam = append(sqlParam, utils.TrimLower(query.LdapGroupDN))
|
||||||
}
|
}
|
||||||
if query.ID != 0 {
|
if query.ID != 0 {
|
||||||
sql += ` and id = ? `
|
sql += ` and id = ? `
|
||||||
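Review bot: Rows already stored in user_group keep their DN in its original case, while QueryUserGroup now lowercases only the bound parameter, so `ldap_group_dn = ?` stops matching them after upgrade unless a data migration ships elsewhere (none is visible on this page). The test fixture in this commit had to be rewritten to a lowercase DN, which suggests mixed-case rows no longer match. Since group membership drives project roles, the likely effect is silently dropped permissions, or duplicate groups if AddUserGroup is called again for the same DN. Normalizing the column side as well, `and lower(ldap_group_dn) = ?`, or a one-off `update user_group set ldap_group_dn = lower(ldap_group_dn)` during upgrade would close the gap. Both AddUserGroup and QueryUserGroup continue outside their hunks.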
|
@ -47,7 +47,7 @@ func TestMain(m *testing.M) {
|
|||||||
initSqls := []string{
|
initSqls := []string{
|
||||||
"insert into harbor_user (username, email, password, realname) values ('member_test_01', 'member_test_01@example.com', '123456', 'member_test_01')",
|
"insert into harbor_user (username, email, password, realname) values ('member_test_01', 'member_test_01@example.com', '123456', 'member_test_01')",
|
||||||
"insert into project (name, owner_id) values ('member_test_01', 1)",
|
"insert into project (name, owner_id) values ('member_test_01', 1)",
|
||||||
"insert into user_group (group_name, group_type, ldap_group_dn) values ('test_group_01', 1, 'CN=harbor_users,OU=sample,OU=vmware,DC=harbor,DC=com')",
|
"insert into user_group (group_name, group_type, ldap_group_dn) values ('test_group_01', 1, 'cn=harbor_users,ou=sample,ou=vmware,dc=harbor,dc=com')",
|
||||||
"update project set owner_id = (select user_id from harbor_user where username = 'member_test_01') where name = 'member_test_01'",
|
"update project set owner_id = (select user_id from harbor_user where username = 'member_test_01') where name = 'member_test_01'",
|
||||||
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select user_id from harbor_user where username = 'member_test_01'), 'u', 1)",
|
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select user_id from harbor_user where username = 'member_test_01'), 'u', 1)",
|
||||||
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_group_01'), 'g', 1)",
|
"insert into project_member (project_id, entity_id, entity_type, role) values ( (select project_id from project where name = 'member_test_01') , (select id from user_group where group_name = 'test_group_01'), 'g', 1)",
|
||||||
|
@ -209,3 +209,8 @@ func ParseOfftime(offtime int64) (hour, minite, second int) {
|
|||||||
second = int(offtime % 60)
|
second = int(offtime % 60)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TrimLower ...
|
||||||
|
func TrimLower(str string) string {
|
||||||
|
return strings.TrimSpace(strings.ToLower(str))
|
||||||
|
}
|
||||||
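Review bot: The doc comment `// TrimLower ...` is a placeholder, and this helper now feeds both the group lookup and the admin-role comparison, so its contract should be spelled out. I would write `// TrimLower returns str lowercased with leading and trailing white space removed.` and add a second line saying that it is not a full LDAP DN normalization. Interior spacing such as `cn=a, dc=b` versus `cn=a,dc=b` and escaped characters still compare as different strings. That mismatch fails closed, but it does so silently, so callers should know about the limit.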
|
@ -359,3 +359,25 @@ func TestParseOfftime(t *testing.T) {
|
|||||||
assert.Equal(t, c.second, s)
|
assert.Equal(t, c.second, s)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestTrimLower(t *testing.T) {
|
||||||
|
type args struct {
|
||||||
|
str string
|
||||||
|
}
|
||||||
|
tests := []struct {
|
||||||
|
name string
|
||||||
|
args args
|
||||||
|
want string
|
||||||
|
}{
|
||||||
|
{"normal", args{" CN=example,DC=test,DC=com "}, "cn=example,dc=test,dc=com"},
|
||||||
|
{"empty", args{" "}, ""},
|
||||||
|
{"empty2", args{""}, ""},
|
||||||
|
}
|
||||||
|
for _, tt := range tests {
|
||||||
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
if got := TrimLower(tt.args.str); got != tt.want {
|
||||||
|
t.Errorf("TrimLower() = %v, want %v", got, tt.want)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -20,6 +20,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/goharbor/harbor/src/common"
|
"github.com/goharbor/harbor/src/common"
|
||||||
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
goldap "gopkg.in/ldap.v2"
|
goldap "gopkg.in/ldap.v2"
|
||||||
|
|
||||||
"github.com/goharbor/harbor/src/common/dao"
|
"github.com/goharbor/harbor/src/common/dao"
|
||||||
@ -89,10 +90,11 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
|
|||||||
// Retrieve ldap related info in login to avoid too many traffic with LDAP server.
|
// Retrieve ldap related info in login to avoid too many traffic with LDAP server.
|
||||||
// Get group admin dn
|
// Get group admin dn
|
||||||
groupCfg, err := config.LDAPGroupConf()
|
groupCfg, err := config.LDAPGroupConf()
|
||||||
groupAdminDN := strings.TrimSpace(groupCfg.LdapGroupAdminDN)
|
groupAdminDN := utils.TrimLower(groupCfg.LdapGroupAdminDN)
|
||||||
// Attach user group
|
// Attach user group
|
||||||
for _, groupDN := range ldapUsers[0].GroupDNList {
|
for _, groupDN := range ldapUsers[0].GroupDNList {
|
||||||
|
|
||||||
|
groupDN = utils.TrimLower(groupDN)
|
||||||
if len(groupAdminDN) > 0 && groupAdminDN == groupDN {
|
if len(groupAdminDN) > 0 && groupAdminDN == groupDN {
|
||||||
u.HasAdminRole = true
|
u.HasAdminRole = true
|
||||||
}
|
}
|
||||||
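Review bot: The error from `config.LDAPGroupConf()` is not checked before the changed line reads `groupCfg.LdapGroupAdminDN`, because the two statements are adjacent in the hunk. If groupCfg is a pointer and the call fails, that read would panic inside the login path. A guard such as `if err != nil { return nil, err }` directly after the call, or treating the failure as "no admin group configured", keeps the `HasAdminRole` decision on a defined value. Authenticate starts and ends outside this hunk, so any later handling of err is not visible here.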
|