MirrorMirror
/
lufi
mirror of https://framagit.org/fiat-tux/hat-softwares/lufi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix ldap filtering

This commit is contained in:
popi 2017-06-22 23:05:17 +02:00
parent 6f88225661
commit 14cc832552
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/Lufi.pm
View File

@ -11,6 +11,7 @@ $ENV{MOJO_MAX_WEBSOCKET_SIZE} = 100485760; # 10 * 1024 * 1024 = 10MiB
# This method will run once at server start # This method will run once at server start
sub startup { sub startup {
my $self = shift; my $self = shift;
my $entry = undef;
my $config = $self->plugin('Config' => { my $config = $self->plugin('Config' => {
default => { default => {
@ -95,8 +96,15 @@ sub startup {
$c->app->log->error($mesg->error); $c->app->log->error($mesg->error);
return undef; return undef;
} }
# Now we know that the user exists # we filtered out, but did we actually get a non-empty result?
$entry = $mesg->shift_entry;
if (!defined $entry) {
$c->app->log->info("[LDAP authentication failed] - User $username filtered out, IP: ".$c->ip);
return undef;
}
# Now we know that the user exists, and that he is authorized by the filter
$mesg = $ldap->bind('uid='.$username.$c->config->{ldap}->{bind_dn}, $mesg = $ldap->bind('uid='.$username.$c->config->{ldap}->{bind_dn},
password => $password password => $password
); );
@ -110,7 +118,7 @@ sub startup {
$c->app->log->info("[LDAP authentication successful] login: $username, IP: ".$c->ip); $c->app->log->info("[LDAP authentication successful] login: $username, IP: ".$c->ip);
} elsif (defined($c->config('htpasswd'))) { } elsif (defined($c->config('htpasswd'))) {
my $htpasswd = new Apache::Htpasswd({passwdFile => $c->config->{htpasswd}, my $htpasswd = new Apache::Htpasswd({passwdFile => $c->config->{htpasswd},
ReadOnly => 1} ReadOnly => 1}
); );
if (!$htpasswd->htCheckPassword($username, $password)) { if (!$htpasswd->htCheckPassword($username, $password)) {
return undef; return undef;
@ -277,9 +285,12 @@ sub startup {
if($c->authenticate($login, $pwd)) { if($c->authenticate($login, $pwd)) {
$c->redirect_to('index'); $c->redirect_to('index');
} else { } elsif (defined $entry) {
$c->stash(msg => $c->l('Please, check your credentials: unable to authenticate.')); $c->stash(msg => $c->l('Please, check your credentials: unable to authenticate.'));
$c->render(template => 'login'); $c->render(template => 'login');
} else {
$c->stash(msg => $c->l('Sorry mate, you are not authorised to use that service. Contact your sysadmin if you think there\'s a glitch in the matrix.'));
$c->render(template => 'login');
} }
}); });
# Logout page # Logout page