mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
ldap: ignore unknown filters
This commit is contained in:
Valentin Tolmer
nitnelave
parent
1d8582f937
commit
a0b0b455ed
@ -711,11 +711,20 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
|
|||||||
))))
|
))))
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
let field = map_field(field)?;
|
let mapped_field = map_field(field);
|
||||||
if field == "display_name" {
|
if mapped_field.is_ok()
|
||||||
|
&& (mapped_field.as_ref().unwrap() == "display_name"
|
||||||
|
|| mapped_field.as_ref().unwrap() == "user_id")
|
||||||
|
{
|
||||||
Ok(GroupRequestFilter::DisplayName(value.clone()))
|
Ok(GroupRequestFilter::DisplayName(value.clone()))
|
||||||
} else {
|
} else {
|
||||||
bail!("Unsupported group attribute: {:?}", field)
|
warn!(
|
||||||
|
r#"Ignoring unknown group attribute "{:?}" in filter"#,
|
||||||
|
field
|
||||||
|
);
|
||||||
|
Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(
|
||||||
|
vec![],
|
||||||
|
))))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -786,13 +795,22 @@ impl<Backend: BackendHandler + LoginHandler + OpaqueHandler> LdapHandler<Backend
|
|||||||
))))
|
))))
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
let field = map_field(field)?;
|
match map_field(field) {
|
||||||
|
Ok(field) => {
|
||||||
if field == "user_id" {
|
if field == "user_id" {
|
||||||
Ok(UserRequestFilter::UserId(UserId::new(value)))
|
Ok(UserRequestFilter::UserId(UserId::new(value)))
|
||||||
} else {
|
} else {
|
||||||
Ok(UserRequestFilter::Equality(field, value.clone()))
|
Ok(UserRequestFilter::Equality(field, value.clone()))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Err(_) => {
|
||||||
|
warn!(r#"Ignoring unknown user attribute "{}" in filter"#, field);
|
||||||
|
Ok(UserRequestFilter::Not(Box::new(UserRequestFilter::And(
|
||||||
|
vec![],
|
||||||
|
))))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
LdapFilter::Present(field) => {
|
LdapFilter::Present(field) => {
|
||||||
let field = &field.to_ascii_lowercase();
|
let field = &field.to_ascii_lowercase();
|
||||||
@ -1330,6 +1348,9 @@ mod tests {
|
|||||||
GroupRequestFilter::Not(Box::new(GroupRequestFilter::Not(Box::new(
|
GroupRequestFilter::Not(Box::new(GroupRequestFilter::Not(Box::new(
|
||||||
GroupRequestFilter::And(vec![]),
|
GroupRequestFilter::And(vec![]),
|
||||||
)))),
|
)))),
|
||||||
|
GroupRequestFilter::Not(Box::new(
|
||||||
|
GroupRequestFilter::And(vec![]),
|
||||||
|
)),
|
||||||
]))))
|
]))))
|
||||||
.times(1)
|
.times(1)
|
||||||
.return_once(|_| {
|
.return_once(|_| {
|
||||||
@ -1355,6 +1376,7 @@ mod tests {
|
|||||||
LdapFilter::Not(Box::new(LdapFilter::Present(
|
LdapFilter::Not(Box::new(LdapFilter::Present(
|
||||||
"random_attribUte".to_string(),
|
"random_attribUte".to_string(),
|
||||||
))),
|
))),
|
||||||
|
LdapFilter::Equality("unknown_attribute".to_string(), "randomValue".to_string()),
|
||||||
]),
|
]),
|
||||||
vec!["1.1"],
|
vec!["1.1"],
|
||||||
);
|
);
|
||||||
@ -1449,9 +1471,9 @@ mod tests {
|
|||||||
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
|
let mut ldap_handler = setup_bound_handler(MockTestBackendHandler::new()).await;
|
||||||
let request = make_search_request(
|
let request = make_search_request(
|
||||||
"ou=groups,dc=example,dc=com",
|
"ou=groups,dc=example,dc=com",
|
||||||
LdapFilter::And(vec![LdapFilter::Equality(
|
LdapFilter::And(vec![LdapFilter::Substring(
|
||||||
"whatever".to_string(),
|
"whatever".to_string(),
|
||||||
"group_1".to_string(),
|
ldap3_server::proto::LdapSubstringFilter::default(),
|
||||||
)]),
|
)]),
|
||||||
vec!["cn"],
|
vec!["cn"],
|
||||||
);
|
);
|
||||||
@ -1459,7 +1481,8 @@ mod tests {
|
|||||||
ldap_handler.do_search(&request).await,
|
ldap_handler.do_search(&request).await,
|
||||||
vec![make_search_error(
|
vec![make_search_error(
|
||||||
LdapResultCode::UnwillingToPerform,
|
LdapResultCode::UnwillingToPerform,
|
||||||
"Unsupported group filter: Unknown field: whatever".to_string()
|
r#"Unsupported group filter: Unsupported group filter: Substring("whatever", LdapSubstringFilter { initial: None, any: [], final_: None })"#
|
||||||
|
.to_string()
|
||||||
)]
|
)]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -1476,6 +1499,7 @@ mod tests {
|
|||||||
UserRequestFilter::And(vec![]),
|
UserRequestFilter::And(vec![]),
|
||||||
UserRequestFilter::And(vec![]),
|
UserRequestFilter::And(vec![]),
|
||||||
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![]))),
|
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![]))),
|
||||||
|
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![]))),
|
||||||
]),
|
]),
|
||||||
]))))
|
]))))
|
||||||
.times(1)
|
.times(1)
|
||||||
@ -1492,6 +1516,7 @@ mod tests {
|
|||||||
LdapFilter::Present("objectClass".to_string()),
|
LdapFilter::Present("objectClass".to_string()),
|
||||||
LdapFilter::Present("uid".to_string()),
|
LdapFilter::Present("uid".to_string()),
|
||||||
LdapFilter::Present("unknown".to_string()),
|
LdapFilter::Present("unknown".to_string()),
|
||||||
|
LdapFilter::Equality("unknown_attribute".to_string(), "randomValue".to_string()),
|
||||||
])]),
|
])]),
|
||||||
vec!["objectClass"],
|
vec!["objectClass"],
|
||||||
);
|
);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user