mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
Patch upstream to add anonymous ldap filter
This commit is contained in:
Josué Tille
parent
b2e2341ff1
commit
29da503830
2 changed files with 115 additions and 1 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
|
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
||||||
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
||||||
code_dir="/opt/yunohost/matrix-$app"
|
code_dir="/opt/yunohost/matrix-$app"
|
||||||
base_api_url="/_matrix"
|
base_api_url="/_matrix"
|
||||||
|
|
@ -58,6 +58,14 @@ install_sources() {
|
||||||
deactivate
|
deactivate
|
||||||
set -$u_arg;
|
set -$u_arg;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Apply patch for LDAP auth if needed
|
||||||
|
env
|
||||||
|
if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then
|
||||||
|
pushd $code_dir/lib/python$python_version/site-packages
|
||||||
|
patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch
|
||||||
|
popd
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_synapse() {
|
configure_synapse() {
|
||||||
|
|
|
||||||
106
sources/ldap_auth_filter_anonymous_user.patch
Normal file
106
sources/ldap_auth_filter_anonymous_user.patch
Normal file
|
|
@ -0,0 +1,106 @@
|
||||||
|
diff --git a/ldap_auth_provider.py b/ldap_auth_provider.py
|
||||||
|
index 3646948..96296b6 100644
|
||||||
|
--- a/ldap_auth_provider.py
|
||||||
|
+++ b/ldap_auth_provider.py
|
||||||
|
@@ -373,9 +373,12 @@ class LdapAuthProvider:
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
+ # LDAP Filter anonymous user Applied
|
||||||
|
ldap_config = _LdapConfig(
|
||||||
|
enabled=config.get("enabled", False),
|
||||||
|
- mode=LDAPMode.SIMPLE,
|
||||||
|
+ mode=LDAPMode.SEARCH
|
||||||
|
+ if config.get("mode", "simple") == "search"
|
||||||
|
+ else LDAPMode.SIMPLE,
|
||||||
|
uri=config["uri"],
|
||||||
|
start_tls=config.get("start_tls", False),
|
||||||
|
tls_options=config.get("tls_options"),
|
||||||
|
@@ -403,6 +406,8 @@ class LdapAuthProvider:
|
||||||
|
raise ValueError(
|
||||||
|
"Either bind_password or bind_password_file must be set!"
|
||||||
|
)
|
||||||
|
+
|
||||||
|
+ if ldap_config.mode == LDAPMode.SEARCH:
|
||||||
|
ldap_config.filter = config.get("filter", None)
|
||||||
|
|
||||||
|
# verify attribute lookup
|
||||||
|
@@ -461,13 +466,16 @@ class LdapAuthProvider:
|
||||||
|
server = self._get_server(get_info=ldap3.DSA)
|
||||||
|
|
||||||
|
if self.ldap_bind_dn is None or self.ldap_bind_password is None:
|
||||||
|
- raise ValueError("Missing bind DN or bind password")
|
||||||
|
-
|
||||||
|
- result, conn = await self._ldap_simple_bind(
|
||||||
|
- server=server,
|
||||||
|
- bind_dn=self.ldap_bind_dn,
|
||||||
|
- password=self.ldap_bind_password,
|
||||||
|
- )
|
||||||
|
+ result, conn = await self._ldap_simple_bind(
|
||||||
|
+ server=server,
|
||||||
|
+ auth_type=ldap3.ANONYMOUS,
|
||||||
|
+ )
|
||||||
|
+ else:
|
||||||
|
+ result, conn = await self._ldap_simple_bind(
|
||||||
|
+ server=server,
|
||||||
|
+ bind_dn=self.ldap_bind_dn,
|
||||||
|
+ password=self.ldap_bind_password,
|
||||||
|
+ )
|
||||||
|
|
||||||
|
if not result:
|
||||||
|
logger.warning("Unable to get root domain due to failed LDAP bind")
|
||||||
|
@@ -503,7 +511,11 @@ class LdapAuthProvider:
|
||||||
|
return self.ldap_root_domain
|
||||||
|
|
||||||
|
async def _ldap_simple_bind(
|
||||||
|
- self, server: ldap3.ServerPool, bind_dn: str, password: str
|
||||||
|
+ self,
|
||||||
|
+ server: ldap3.ServerPool,
|
||||||
|
+ bind_dn: Optional[str] = None,
|
||||||
|
+ password: Optional[str] = None,
|
||||||
|
+ auth_type: str = ldap3.SIMPLE,
|
||||||
|
) -> Tuple[bool, Optional[ldap3.Connection]]:
|
||||||
|
"""Attempt a simple bind with the credentials given by the user against
|
||||||
|
the LDAP server.
|
||||||
|
@@ -513,6 +525,8 @@ class LdapAuthProvider:
|
||||||
|
Returns False, None
|
||||||
|
if an error occured
|
||||||
|
"""
|
||||||
|
+ if (bind_dn is None or password is None) and auth_type == ldap3.SIMPLE:
|
||||||
|
+ raise ValueError("Missing bind DN or bind password")
|
||||||
|
|
||||||
|
try:
|
||||||
|
# bind with the the local user's ldap credentials
|
||||||
|
@@ -521,7 +535,7 @@ class LdapAuthProvider:
|
||||||
|
server,
|
||||||
|
bind_dn,
|
||||||
|
password,
|
||||||
|
- authentication=ldap3.SIMPLE,
|
||||||
|
+ authentication=auth_type,
|
||||||
|
read_only=True,
|
||||||
|
)
|
||||||
|
logger.debug("Established LDAP connection in simple bind mode: %s", conn)
|
||||||
|
@@ -578,13 +592,16 @@ class LdapAuthProvider:
|
||||||
|
|
||||||
|
try:
|
||||||
|
if self.ldap_bind_dn is None or self.ldap_bind_password is None:
|
||||||
|
- raise ValueError("Missing bind DN or bind password")
|
||||||
|
-
|
||||||
|
- result, conn = await self._ldap_simple_bind(
|
||||||
|
- server=server,
|
||||||
|
- bind_dn=self.ldap_bind_dn,
|
||||||
|
- password=self.ldap_bind_password,
|
||||||
|
- )
|
||||||
|
+ result, conn = await self._ldap_simple_bind(
|
||||||
|
+ server=server,
|
||||||
|
+ auth_type=ldap3.ANONYMOUS,
|
||||||
|
+ )
|
||||||
|
+ else:
|
||||||
|
+ result, conn = await self._ldap_simple_bind(
|
||||||
|
+ server=server,
|
||||||
|
+ bind_dn=self.ldap_bind_dn,
|
||||||
|
+ password=self.ldap_bind_password,
|
||||||
|
+ )
|
||||||
|
|
||||||
|
if not result:
|
||||||
|
return (False, None, None)
|
||||||
Loading…
Add table
Reference in a new issue