[PATCH pve-access-control 1/1] LDAP: support UTF-8 characters

[PMExtra]

Signed-off-by: PMExtra <pm at jubeat.net>
---
 src/PVE/Auth/LDAP.pm   | 40 +++++++++++++++++++++++++++++++++++-----
 src/PVE/Auth/Plugin.pm | 28 ++++++++++++++++++++++------
 2 files changed, 57 insertions(+), 11 deletions(-)

diff --git a/src/PVE/Auth/LDAP.pm b/src/PVE/Auth/LDAP.pm
index fc82a17..50faf4a 100755
--- a/src/PVE/Auth/LDAP.pm
+++ b/src/PVE/Auth/LDAP.pm
@@ -3,6 +3,7 @@ package PVE::Auth::LDAP;
 use strict;
 use warnings;
 
+use Encode;
 use PVE::Auth::Plugin;
 use PVE::JSONSchema;
 use PVE::LDAP;
@@ -172,6 +173,34 @@ sub options {
     };
 }
 
+sub decode_config {
+    my ($class, $config) = @_;
+
+    $config->{base_dn} = PVE::Tools::decode_text($config->{base_dn});
+    $config->{bind_dn} = PVE::Tools::decode_text($config->{bind_dn})
+	if ($config->{bind_dn});
+    $config->{filter} = PVE::Tools::decode_text($config->{filter})
+	if ($config->{filter});
+    $config->{group_dn} = PVE::Tools::decode_text($config->{group_dn})
+	if ($config->{group_dn});
+    $config->{group_filter} = PVE::Tools::decode_text($config->{group_filter})
+	if ($config->{group_filter});
+}
+
+sub encode_config {
+    my ($class, $config) = @_;
+
+    $config->{base_dn} = PVE::Tools::encode_text($config->{base_dn});
+    $config->{bind_dn} = PVE::Tools::encode_text($config->{bind_dn})
+	if ($config->{bind_dn});
+    $config->{filter} = PVE::Tools::encode_text($config->{filter})
+	if ($config->{filter});
+    $config->{group_dn} = PVE::Tools::encode_text($config->{group_dn})
+	if ($config->{group_dn});
+    $config->{group_filter} = PVE::Tools::encode_text($config->{group_filter})
+	if ($config->{group_filter});
+}
+
 sub get_scheme_and_port {
     my ($class, $config) = @_;
 
@@ -226,7 +255,7 @@ sub connect_and_bind {
 
     if (!$config->{base_dn}) {
 	my $root = $ldap->root_dse(attrs => [ 'defaultNamingContext' ]);
-	$config->{base_dn} = $root->get_value('defaultNamingContext');
+	$config->{base_dn} = decode('utf8', $root->get_value('defaultNamingContext'));
     }
 
     return $ldap;
@@ -293,7 +322,7 @@ sub get_users {
 
     foreach my $user (@$users) {
 	my $user_attributes = $user->{attributes};
-	my $userid = $user_attributes->{$user_name_attr}->[0];
+	my $userid = decode('utf8', $user_attributes->{$user_name_attr}->[0]);
 	my $username = "$userid\@$realm";
 
 	# we cannot sync usernames that do not meet our criteria
@@ -307,12 +336,12 @@ sub get_users {
 
 	foreach my $attr (keys %$user_attributes) {
 	    if (my $ours = $ldap_attribute_map->{$attr}) {
-		$ret->{$username}->{$ours} = $user_attributes->{$attr}->[0];
+		$ret->{$username}->{$ours} = decode('utf8', $user_attributes->{$attr}->[0]);
 	    }
 	}
 
 	if (wantarray) {
-	    my $dn = $user->{dn};
+	    my $dn = decode('utf8', $user->{dn});
 	    $dnmap->{lc($dn)} = $username;
 	}
     }
@@ -338,7 +367,7 @@ sub get_groups {
     my $ret = {};
 
     foreach my $group (@$groups) {
-	my $name = $group->{name};
+	my $name = decode('utf8', $group->{name});
 	if (!$name && $group->{dn} =~ m/^[^=]+=([^,]+),/){
 	    $name = PVE::Tools::trim($1);
 	}
@@ -370,6 +399,7 @@ sub authenticate_user {
     my $ldap = $class->connect_and_bind($config, $realm);
 
     my $user_dn = PVE::LDAP::get_user_dn($ldap, $username, $config->{user_attr}, $config->{base_dn});
+    $user_dn = decode('utf8', $user_dn);
     PVE::LDAP::auth_user_dn($ldap, $user_dn, $password);
 
     $ldap->unbind();
diff --git a/src/PVE/Auth/Plugin.pm b/src/PVE/Auth/Plugin.pm
index 2f64a13..cf0ff08 100755
--- a/src/PVE/Auth/Plugin.pm
+++ b/src/PVE/Auth/Plugin.pm
@@ -236,10 +236,11 @@ sub parse_config {
 	    }
 	}
 
-	if ($data->{comment}) {
-	    $data->{comment} = PVE::Tools::decode_text($data->{comment});
-	}
+	$data->{comment} = PVE::Tools::decode_text($data->{comment})
+	    if ($data->{comment});
 
+	my $plugin = $class->lookup($data->{type});
+	$plugin->decode_config($data);
     }
 
     # add default domains
@@ -261,14 +262,29 @@ sub write_config {
 
     foreach my $realm (keys %{$cfg->{ids}}) {
 	my $data = $cfg->{ids}->{$realm};
-	if ($data->{comment}) {
-	    $data->{comment} = PVE::Tools::encode_text($data->{comment});
-	}
+
+	$data->{comment} = PVE::Tools::encode_text($data->{comment})
+	    if ($data->{comment});
+
+	my $plugin = $class->lookup($data->{type});
+	$plugin->encode_config($data);
     }
 
     $class->SUPER::write_config($filename, $cfg);
 }
 
+sub decode_config {
+    my ($class, $config) = @_;
+
+    # do nothing by default
+}
+
+sub encode_config {
+    my ($class, $config) = @_;
+
+    # do nothing by default
+}
+
 sub authenticate_user {
     my ($class, $config, $realm, $username, $password) = @_;
 
-- 
2.40.1