From: Alex Dehnert Date: Tue, 24 May 2011 20:31:37 +0000 (-0400) Subject: Fix issues with user setup in the scripts backend X-Git-Url: https://snippets.scripts.mit.edu/gitweb.cgi/Scripts/git/.git/commitdiff_plain/3b7fb1861b41ba73d8de406d6b071ddfb30c0ebd?hp=2a644ab1cfed458a1afe7d0277afdfefa63f6248 Fix issues with user setup in the scripts backend In particular: * Properly escape usernames before passing them to LDAP * Error out if the user can't be found In theory, neither should be an issue, because this should only get called if certs are in use, so the username should be sane and present in LDAP. Thanks to Anders for bringing the first issue to my attention.
---
diff --git a/django/mit/__init__.py b/django/mit/__init__.py
index 78ba4de..1a19dc8 100644
--- a/django/mit/__init__.py
+++ b/django/mit/__init__.py
@@ -1,4 +1,6 @@
 import subprocess
+import ldap
+import ldap.filter
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
@@ -26,12 +28,12 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
 def configure_user(self, user, ):
 username = user.username
 user.password = "ScriptsSSLAuth"
- import ldap
 con = ldap.open('ldap.mit.edu')
 con.simple_bind_s("", "")
 dn = "dc=mit,dc=edu"
 fields = ['cn', 'sn', 'givenName', 'mail', ]
- result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+ userfilter = ldap.filter.filter_format('uid=%s', [username])
+ result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
 if len(result) == 1:
 user.first_name = result[0][1]['givenName'][0]
 user.last_name = result[0][1]['sn'][0]
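Review bot: The directory lookup in configure_user still runs over `ldap.open('ldap.mit.edu')` with an anonymous `simple_bind_s("", "")`, so the response that fills in the name fields (and, judging by the following hunk, gates the `mit` group) travels unencrypted and unauthenticated; `filter_format` closes the filter-injection hole but does nothing for the integrity of the answer. If the server supports it, connect with `ldap.initialize('ldaps://ldap.mit.edu')` or call `con.start_tls_s()` before the bind, with certificate verification left on. Separately, `dn` is assigned but the search repeats the literal `'dc=mit,dc=edu'`; pass `dn` so the base is defined once. The body of configure_user continues past the end of this hunk.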
@@ -40,6 +42,8 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
 user.groups.add(auth.models.Group.objects.get(name='mit'))
 except ObjectDoesNotExist:
 print "Failed to retrieve mit group"
+ else:
+ raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
 try:
 user.groups.add(auth.models.Group.objects.get(name='autocreated'))
 except ObjectDoesNotExist:
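Review bot: Raising from the new `else:` branch (presumably paired with `if len(result) == 1:`; indentation is not recoverable on this page) can leave a half-created account behind. In Django's stock RemoteUserBackend flow the user row is created before configure_user runs, and configure_user is not called again for an existing user, so a later request with the same REMOTE_USER would likely authenticate an account with no name, email or groups. Consider `user.delete()` immediately before the `raise`. The branch also fires when the search returns more than one entry, where "Could not find user" is misleading; a message such as `"Expected exactly one LDAP entry for '%s', got %d"` covers both cases. configure_user starts and ends outside this hunk, so its save and return path is not visible here.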