Changeset 3b03cc6

Timestamp:

May 24, 2011, 4:36:12 PM (15 years ago)

Author:

Alex Dehnert <adehnert@…>

Branches:

master, client

Children:

4cc9c2c

Parents:

c9047b1

git-author:

Alex Dehnert <adehnert@…> (05/24/11 16:31:37)

git-committer:

Alex Dehnert <adehnert@…> (05/24/11 16:36:12)

Message:

Fix issues with user setup in the scripts backend

In particular:

• Properly escape usernames before passing them to LDAP
• Error out if the user can't be found

In theory, neither should be an issue, because this should only get called if
certs are in use, so the username should be sane and present in LDAP.

Thanks to Anders for bringing the first issue to my attention.

File:

• remit/mit/__init__.py (modified) (3 diffs)

remit/mit/__init__.py

@@ -1 +1 @@
 import subprocess
+import ldap
+import ldap.filter
 
 from django.contrib.auth.middleware import RemoteUserMiddleware
@@ -27 +29 @@
         username = user.username
         user.password = "ScriptsSSLAuth"
-        import ldap
         con = ldap.open('ldap.mit.edu')
         con.simple_bind_s("", "")
         dn = "dc=mit,dc=edu"
         fields = ['cn', 'sn', 'givenName', 'mail', ]
-        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+        userfilter = ldap.filter.filter_format('uid=%s', [username])
+        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
         if len(result) == 1:
             user.first_name = result[0][1]['givenName'][0]
@@ -41 +43 @@
             except ObjectDoesNotExist:
                 print "Failed to retrieve mit group"
+        else:
+            raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
         try:
             user.groups.add(auth.models.Group.objects.get(name='autocreated'))