Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
salt.9528
fixing-issue-when-a-valid-token-is-generated-ev...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File fixing-issue-when-a-valid-token-is-generated-even-wh.patch of Package salt.9528
From 27a3cc9ebc871302d906163418a548006367b9e9 Mon Sep 17 00:00:00 2001 From: "Gareth J. Greenaway" <gareth@wiked.org> Date: Thu, 2 Aug 2018 15:35:24 -0700 Subject: [PATCH] Fixing issue when a valid token is generated even when invalid user credentials are passed. This change verifies that the binddn credentials are valid, then verifies that the username & password (if not None) are also valid. --- salt/auth/ldap.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/auth/ldap.py b/salt/auth/ldap.py index cbfb03a2f2..0b9aa69fe4 100644 --- a/salt/auth/ldap.py +++ b/salt/auth/ldap.py @@ -283,9 +283,15 @@ def auth(username, password): log.error('LDAP authentication requires python-ldap module') return False - # If bind credentials are configured, use them instead of user's + # If bind credentials are configured, verify that we can a valid bind if _config('binddn', mandatory=False) and _config('bindpw', mandatory=False): bind = _bind_for_search(anonymous=_config('anonymous', mandatory=False)) + + # If username & password are not None, attempt to verify they are valid + if bind and username and password: + bind = _bind(username, password, + anonymous=_config('auth_by_group_membership_only', mandatory=False) + and _config('anonymous', mandatory=False)) else: bind = _bind(username, password, anonymous=_config('auth_by_group_membership_only', mandatory=False) -- 2.19.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor