internal: fix nil pointer dereference in ldap outpost

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-05-21 15:48:50 +02:00
parent ebb44c992b
commit 5c91658484
6 changed files with 16 additions and 13 deletions

View file

@ -48,8 +48,8 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
result, err := sb.DirectBinder.Bind(username, req)
// Only cache the result if there's been an error
if err == nil {
flags, ok := sb.si.GetFlags(req.BindDN)
if !ok {
flags := sb.si.GetFlags(req.BindDN)
if flags == nil {
sb.log.Error("user flags not set after bind")
return result, err
}

View file

@ -38,7 +38,7 @@ type ProviderInstance struct {
outpostPk int32
searchAllowedGroups []*strfmt.UUID
boundUsersMutex sync.RWMutex
boundUsers map[string]flags.UserFlags
boundUsers map[string]*flags.UserFlags
uidStartNumber int32
gidStartNumber int32
@ -68,16 +68,19 @@ func (pi *ProviderInstance) GetOutpostName() string {
return pi.outpostName
}
func (pi *ProviderInstance) GetFlags(dn string) (flags.UserFlags, bool) {
func (pi *ProviderInstance) GetFlags(dn string) *flags.UserFlags {
pi.boundUsersMutex.RLock()
defer pi.boundUsersMutex.RUnlock()
flags, ok := pi.boundUsers[dn]
pi.boundUsersMutex.RUnlock()
return flags, ok
if !ok {
return nil
}
return flags
}
func (pi *ProviderInstance) SetFlags(dn string, flag flags.UserFlags) {
pi.boundUsersMutex.Lock()
pi.boundUsers[dn] = flag
pi.boundUsers[dn] = &flag
pi.boundUsersMutex.Unlock()
}

View file

@ -44,7 +44,7 @@ func (ls *LDAPServer) Refresh() error {
// Get existing instance so we can transfer boundUsers
existing := ls.getCurrentProvider(provider.Pk)
users := make(map[string]flags.UserFlags)
users := make(map[string]*flags.UserFlags)
if existing != nil {
existing.boundUsersMutex.RLock()
users = existing.boundUsers

View file

@ -70,8 +70,8 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ds.si.GetBaseDN())
}
flags, ok := ds.si.GetFlags(req.BindDN)
if !ok {
flags := ds.si.GetFlags(req.BindDN)
if flags == nil {
req.Log().Debug("User info not cached")
metrics.RequestsRejected.With(prometheus.Labels{
"outpost_name": ds.si.GetOutpostName(),

View file

@ -73,8 +73,8 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ms.si.GetBaseDN())
}
flags, ok := ms.si.GetFlags(req.BindDN)
if !ok {
flags := ms.si.GetFlags(req.BindDN)
if flags == nil {
req.Log().Debug("User info not cached")
metrics.RequestsRejected.With(prometheus.Labels{
"outpost_name": ms.si.GetOutpostName(),

View file

@ -31,7 +31,7 @@ type LDAPServerInstance interface {
UsersForGroup(api.Group) []string
GetFlags(dn string) (flags.UserFlags, bool)
GetFlags(dn string) *flags.UserFlags
SetFlags(dn string, flags flags.UserFlags)
GetBaseEntry() *ldap.Entry