[PATCH pve-access-control 1/1] LDAP: support UTF-8 characters
PMExtra
pm at jubeat.net
Wed May 24 13:42:04 CEST 2023
Signed-off-by: PMExtra <pm at jubeat.net>
---
src/PVE/Auth/LDAP.pm | 40 +++++++++++++++++++++++++++++++++++-----
src/PVE/Auth/Plugin.pm | 28 ++++++++++++++++++++++------
2 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
index fc82a17..50faf4a 100755
--- a/src/PVE/Auth/LDAP.pm
+++ b/src/PVE/Auth/LDAP.pm
@@ -3,6 +3,7 @@ package PVE::Auth::LDAP;
use strict;
use warnings;
+use Encode;
use PVE::Auth::Plugin;
use PVE::JSONSchema;
use PVE::LDAP;
@@ -172,6 +173,34 @@ sub options {
};
}
+sub decode_config {
+ my ($class, $config) = @_;
+
+ $config->{base_dn} = PVE::Tools::decode_text($config->{base_dn});
+ $config->{bind_dn} = PVE::Tools::decode_text($config->{bind_dn})
+ if ($config->{bind_dn});
+ $config->{filter} = PVE::Tools::decode_text($config->{filter})
+ if ($config->{filter});
+ $config->{group_dn} = PVE::Tools::decode_text($config->{group_dn})
+ if ($config->{group_dn});
+ $config->{group_filter} = PVE::Tools::decode_text($config->{group_filter})
+ if ($config->{group_filter});
+}
+
+sub encode_config {
+ my ($class, $config) = @_;
+
+ $config->{base_dn} = PVE::Tools::encode_text($config->{base_dn});
+ $config->{bind_dn} = PVE::Tools::encode_text($config->{bind_dn})
+ if ($config->{bind_dn});
+ $config->{filter} = PVE::Tools::encode_text($config->{filter})
+ if ($config->{filter});
+ $config->{group_dn} = PVE::Tools::encode_text($config->{group_dn})
+ if ($config->{group_dn});
+ $config->{group_filter} = PVE::Tools::encode_text($config->{group_filter})
+ if ($config->{group_filter});
+}
+
sub get_scheme_and_port {
my ($class, $config) = @_;
@@ -226,7 +255,7 @@ sub connect_and_bind {
if (!$config->{base_dn}) {
my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
- $config->{base_dn} = $root->get_value('defaultNamingContext');
+ $config->{base_dn} = decode('utf8', $root->get_value('defaultNamingContext'));
}
return $ldap;
@@ -293,7 +322,7 @@ sub get_users {
foreach my $user (@$users) {
my $user_attributes = $user->{attributes};
- my $userid = $user_attributes->{$user_name_attr}->[0];
+ my $userid = decode('utf8', $user_attributes->{$user_name_attr}->[0]);
my $username = "$userid\@$realm";
# we cannot sync usernames that do not meet our criteria
@@ -307,12 +336,12 @@ sub get_users {
foreach my $attr (keys %$user_attributes) {
if (my $ours = $ldap_attribute_map->{$attr}) {
- $ret->{$username}->{$ours} = $user_attributes->{$attr}->[0];
+ $ret->{$username}->{$ours} = decode('utf8', $user_attributes->{$attr}->[0]);
}
}
if (wantarray) {
- my $dn = $user->{dn};
+ my $dn = decode('utf8', $user->{dn});
$dnmap->{lc($dn)} = $username;
}
}
@@ -338,7 +367,7 @@ sub get_groups {
my $ret = {};
foreach my $group (@$groups) {
- my $name = $group->{name};
+ my $name = decode('utf8', $group->{name});
if (!$name && $group->{dn} =~ m/^[^=]+=([^,]+),/){
$name = PVE::Tools::trim($1);
}
@@ -370,6 +399,7 @@ sub authenticate_user {
my $ldap = $class->connect_and_bind($config, $realm);
my $user_dn = PVE::LDAP::get_user_dn($ldap, $username, $config->{user_attr}, $config->{base_dn});
+ $user_dn = decode('utf8', $user_dn);
PVE::LDAP::auth_user_dn($ldap, $user_dn, $password);
$ldap->unbind();
diff --git a/src/PVE/Auth/Plugin.pm b/src/PVE/Auth/Plugin.pm
index 2f64a13..cf0ff08 100755
--- a/src/PVE/Auth/Plugin.pm
+++ b/src/PVE/Auth/Plugin.pm
@@ -236,10 +236,11 @@ sub parse_config {
}
}
- if ($data->{comment}) {
- $data->{comment} = PVE::Tools::decode_text($data->{comment});
- }
+ $data->{comment} = PVE::Tools::decode_text($data->{comment})
+ if ($data->{comment});
+ my $plugin = $class->lookup($data->{type});
+ $plugin->decode_config($data);
}
# add default domains
@@ -261,14 +262,29 @@ sub write_config {
foreach my $realm (keys %{$cfg->{ids}}) {
my $data = $cfg->{ids}->{$realm};
- if ($data->{comment}) {
- $data->{comment} = PVE::Tools::encode_text($data->{comment});
- }
+
+ $data->{comment} = PVE::Tools::encode_text($data->{comment})
+ if ($data->{comment});
+
+ my $plugin = $class->lookup($data->{type});
+ $plugin->encode_config($data);
}
$class->SUPER::write_config($filename, $cfg);
}
+sub decode_config {
+ my ($class, $config) = @_;
+
+ # do nothing by default
+}
+
+sub encode_config {
+ my ($class, $config) = @_;
+
+ # do nothing by default
+}
+
sub authenticate_user {
my ($class, $config, $realm, $username, $password) = @_;
--
2.40.1
More information about the pve-devel
mailing list