Fix #11 no group wrong password fix

Tiago Augusto Pimenta 2019-03-25 21:39:29 -03:00
parent c60463dd0b
commit 7bf37b35a5
7 changed files with 17 additions and 10 deletions

2
build

@ -3,7 +3,7 @@
set -e set -e
base='docker.io/tpimenta/nginx-ldap-auth' base='docker.io/tpimenta/nginx-ldap-auth'
version='v1.0.4' version='v1.0.5'
image="$base:$version" image="$base:$version"
atexit() { atexit() {


@ -66,7 +66,7 @@ spec:
spec: spec:
serviceAccountName: nginx-ldap-auth serviceAccountName: nginx-ldap-auth
containers: containers:
- image: docker.io/tpimenta/nginx-ldap-auth:v1.0.4 - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.5
name: nginx-ldap-auth name: nginx-ldap-auth
command: command:
- "/usr/local/bin/nginx-ldap-auth" - "/usr/local/bin/nginx-ldap-auth"


@ -26,7 +26,7 @@ spec:
app: nginx-ldap-auth app: nginx-ldap-auth
spec: spec:
containers: containers:
- image: docker.io/tpimenta/nginx-ldap-auth:v1.0.4 - image: docker.io/tpimenta/nginx-ldap-auth:v1.0.5
name: nginx-ldap-auth name: nginx-ldap-auth
command: command:
- "/usr/local/bin/nginx-ldap-auth" - "/usr/local/bin/nginx-ldap-auth"


@ -6,15 +6,18 @@ import (
ldap "gopkg.in/ldap.v2" ldap "gopkg.in/ldap.v2"
) )
func (p *Pool) networkJail(f func() error) error { func (p *Pool) networkJail(f func() error) (bool, error) {
err := f() err := f()
if err != nil && ldap.IsErrorWithCode(err, ldap.ErrorNetwork) { if err != nil && ldap.IsErrorWithCode(err, ldap.ErrorNetwork) {
log.Printf("Network problem, trying to reconnect once: %v.\n", err) log.Printf("Network problem, trying to reconnect once: %v.\n", err)
err = p.Connect() err = p.Connect()
if err != nil { if err != nil {
return err return false, err
} }
err = f() err = f()
if err != nil && ldap.IsErrorWithCode(err, ldap.ErrorNetwork) {
return false, err
}
} }
return err return true, err
} }
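Review bot: The new boolean result of networkJail has no documented meaning, and on its last line it is `true` even when `err` is non-nil, which is easy to misread as success. From the visible lines it is false only when the reconnect fails or the retried call still returns a network error, so it means the server answered, not that the operation worked. I would add a doc comment such as `// networkJail runs f, reconnecting and retrying once on a network error; the bool is false only when the server could not be reached, and err may still be non-nil when it is true.` The callers in auth() and Search discard the value with `_`, so they depend on `err` alone.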


@ -10,9 +10,13 @@ func (p *Pool) Validate(username, password string) (bool, error) {
} }
p.admin = false p.admin = false
err = p.networkJail(func() error { var ok bool
ok, err = p.networkJail(func() error {
return p.conn.Bind(username, password) return p.conn.Bind(username, password)
}) })
if !ok {
return false, err
}
if err != nil { if err != nil {
return true, err return true, err
} }
@ -30,7 +34,7 @@ func (p *Pool) auth() error {
return nil return nil
} }
err := p.networkJail(func() error { _, err := p.networkJail(func() error {
return p.conn.Bind(p.username, p.password) return p.conn.Bind(p.username, p.password)
}) })
if err == nil { if err == nil {
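Review bot: In Validate a bind that the server rejects still falls through to `return true, err`, so after this change the boolean says the directory was reachable rather than that the credentials were accepted, and a caller that tests only the bool would treat a wrong password as valid. A doc comment stating that contract on Validate would help, or the rejected case could return `false` by testing `ldap.IsErrorWithCode(err, ldap.LDAPResultInvalidCredentials)`. The start of Validate is outside the hunk, so I cannot see whether an empty `password` is refused before `p.conn.Bind`; many directories treat an empty-password simple bind as an anonymous bind and report success, so that check is worth confirming.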


@ -22,7 +22,7 @@ func (p *Pool) Search(base, filter string, attr string) (bool, string, []string,
} }
var res *ldap.SearchResult var res *ldap.SearchResult
err = p.networkJail(func() error { _, err = p.networkJail(func() error {
res, err = p.conn.Search(ldap.NewSearchRequest( res, err = p.conn.Search(ldap.NewSearchRequest(
base, base,
ldap.ScopeWholeSubtree, ldap.ScopeWholeSubtree,


@ -54,7 +54,7 @@ func (p *Service) validate(username, password string) (bool, error) {
return false, err return false, err
} }
if !ok || p.required == nil || len(p.required) == 0 { if !ok || err != nil || p.required == nil || len(p.required) == 0 {
return err == nil, nil return err == nil, nil
} }
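Review bot: The early return `return err == nil, nil` now serves three cases at once, and it yields `true` whenever `err` is nil, including when the branch was entered through `!ok`. Where `ok` and `err` are assigned is outside the hunk, so I cannot tell whether `ok == false` with a nil error is reachable; if it is, that path authenticates the user. Splitting the condition makes the deny path explicit: `if !ok || err != nil { return false, nil }` followed by `if len(p.required) == 0 { return true, nil }`. As far as this hunk shows, the bind error is also dropped without being logged, so repeated failed logins would leave no record at this layer.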