From: Alex Dehnert Date: Tue, 24 May 2011 20:31:37 +0000 (-0400) Subject: Fix issues with user setup in the scripts backend X-Git-Url: https://snippets.scripts.mit.edu/gitweb.cgi/Scripts/git/.git/commitdiff_plain/3b7fb1861b41ba73d8de406d6b071ddfb30c0ebd Fix issues with user setup in the scripts backend In particular: * Properly escape usernames before passing them to LDAP * Error out if the user can't be found In theory, neither should be an issue, because this should only get called if certs are in use, so the username should be sane and present in LDAP. Thanks to Anders for bringing the first issue to my attention.
---
diff --git a/django/mit/__init__.py b/django/mit/__init__.py
index 78ba4de..1a19dc8 100644
--- a/django/mit/__init__.py
+++ b/django/mit/__init__.py
@@ -1,4 +1,6 @@
 import subprocess
+import ldap
+import ldap.filter
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
@@ -26,12 +28,12 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
 def configure_user(self, user, ):
 username = user.username
 user.password = "ScriptsSSLAuth"
- import ldap
 con = ldap.open('ldap.mit.edu')
 con.simple_bind_s("", "")
 dn = "dc=mit,dc=edu"
 fields = ['cn', 'sn', 'givenName', 'mail', ]
- result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+ userfilter = ldap.filter.filter_format('uid=%s', [username])
+ result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
 if len(result) == 1:
 user.first_name = result[0][1]['givenName'][0]
 user.last_name = result[0][1]['sn'][0]
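Review bot: The lookup around the new `userfilter` line still goes through `ldap.open('ldap.mit.edu')` with an anonymous bind, which in python-ldap is a cleartext connection, so the `givenName`/`sn` values copied onto the Django user arrive over an unauthenticated channel even though the filter is now escaped. If the directory offers TLS, consider `con = ldap.initialize('ldaps://ldap.mit.edu')`; `ldap.open` is also deprecated in python-ldap. The new `search_s` call could pass the existing `dn` variable instead of repeating the `'dc=mit,dc=edu'` literal. The body of `configure_user` continues past the end of this hunk.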
@@ -40,6 +42,8 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
 user.groups.add(auth.models.Group.objects.get(name='mit'))
 except ObjectDoesNotExist:
 print "Failed to retrieve mit group"
+ else:
+ raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
 try:
 user.groups.add(auth.models.Group.objects.get(name='autocreated'))
 except ObjectDoesNotExist:
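Review bot: Raising in the new `else:` branch probably fails closed only once: Django's stock `RemoteUserBackend` calls `configure_user` after the user row has already been created, so (assuming this class does not override that step, which the hunk does not show) the unconfigured account stays in the database and a later request with the same username is authenticated without reaching this check. Consider removing the row before erroring out, e.g. `user.delete()` on the line before the `raise`. The branch also fires when the search returns more than one entry, so the "Could not find user" message can mislead, and `raise ValueError("...")` is the call form that keeps working beyond Python 2. The `if` this `else` presumably pairs with sits in the previous hunk, and the function continues past this one.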