From 3b7fb1861b41ba73d8de406d6b071ddfb30c0ebd Mon Sep 17 00:00:00 2001
From: Alex Dehnert
Date: Tue, 24 May 2011 16:31:37 -0400
Subject: [PATCH] Fix issues with user setup in the scripts backend
In particular:
* Properly escape usernames before passing them to LDAP
* Error out if the user can't be found
In theory, neither should be an issue, because this should only get called if certs are in use, so the username should be sane and present in LDAP. Thanks to Anders for bringing the first issue to my attention.
---
 django/mit/__init__.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/django/mit/__init__.py b/django/mit/__init__.py
index 78ba4de..1a19dc8 100644
--- a/django/mit/__init__.py
+++ b/django/mit/__init__.py
@@ -1,4 +1,6 @@
 import subprocess
+import ldap
+import ldap.filter
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
@@ -26,12 +28,12 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
 def configure_user(self, user, ):
 username = user.username
 user.password = "ScriptsSSLAuth"
- import ldap
 con = ldap.open('ldap.mit.edu')
 con.simple_bind_s("", "")
 dn = "dc=mit,dc=edu"
 fields = ['cn', 'sn', 'givenName', 'mail', ]
- result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+ userfilter = ldap.filter.filter_format('uid=%s', [username])
+ result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
 if len(result) == 1:
 user.first_name = result[0][1]['givenName'][0]
 user.last_name = result[0][1]['sn'][0]
@@ -40,6 +42,8 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
 user.groups.add(auth.models.Group.objects.get(name='mit'))
 except ObjectDoesNotExist:
 print "Failed to retrieve mit group"
+ else:
+ raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
 try:
 user.groups.add(auth.models.Group.objects.get(name='autocreated'))
 except ObjectDoesNotExist:
--
2.45.0
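Review bot: The lookup whose filter is now escaped still runs over `ldap.open('ldap.mit.edu')`, a cleartext connection with an anonymous bind, and the `givenName`/`sn` values it returns are copied straight onto the new account. Escaping closes the filter-injection path, but anyone able to tamper with traffic between this host and the directory can still decide what lands in the user record. If the directory supports it, `con = ldap.initialize('ldaps://ldap.mit.edu')` (or `con.start_tls_s()` before the bind) would protect those attributes in transit; `ldap.open` is also deprecated in python-ldap. As a smaller point, `dn` is assigned and then the base is spelled out again in `search_s`, so passing `dn` there would keep the two from drifting. configure_user continues past the end of this hunk.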
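Review bot: The new `raise ValueError` in the `else:` branch fires after the account already exists, so it probably only blocks the first login attempt. Django's RemoteUserBackend, as far as I recall, creates and saves the user before calling configure_user and skips configure_user for users that already exist, which would let the next request with the same username through on a half-configured account (no name, no groups). Removing the row before raising, e.g. `user.delete()` on the line above the `raise`, would keep the failure closed; this is worth confirming against the Django version in use. The branch also covers `len(result) > 1`, where "Could not find user" is misleading, so a message that reports `len(result)` would make ambiguous matches distinguishable in logs. The enclosing function starts before and continues after this hunk.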