internal: fix nil pointer dereference in ldap outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
ebb44c992b
commit
5c91658484
|
@ -48,8 +48,8 @@ func (sb *SessionBinder) Bind(username string, req *bind.Request) (ldap.LDAPResu
|
|||
result, err := sb.DirectBinder.Bind(username, req)
|
||||
// Only cache the result if there's been an error
|
||||
if err == nil {
|
||||
flags, ok := sb.si.GetFlags(req.BindDN)
|
||||
if !ok {
|
||||
flags := sb.si.GetFlags(req.BindDN)
|
||||
if flags == nil {
|
||||
sb.log.Error("user flags not set after bind")
|
||||
return result, err
|
||||
}
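Review bot: The context comment at the top of this hunk, `// Only cache the result if there's been an error`, says the opposite of the guard below it, `if err == nil`, which runs the flags lookup only when the bind succeeded. On an authentication path that is easy to misread, so I would reword it to `// Only cache the result if the bind succeeded`. The new `flags == nil` branch returns `result, err` with `err` known to be nil, so a successful bind with missing flags is returned as-is, apparently before any caching; a one-line comment saying this is intended would help. Bind's body continues outside the hunk.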
|
||||
|
|
|
@ -38,7 +38,7 @@ type ProviderInstance struct {
|
|||
outpostPk int32
|
||||
searchAllowedGroups []*strfmt.UUID
|
||||
boundUsersMutex sync.RWMutex
|
||||
boundUsers map[string]flags.UserFlags
|
||||
boundUsers map[string]*flags.UserFlags
|
||||
|
||||
uidStartNumber int32
|
||||
gidStartNumber int32
|
||||
|
@ -68,16 +68,19 @@ func (pi *ProviderInstance) GetOutpostName() string {
|
|||
return pi.outpostName
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) GetFlags(dn string) (flags.UserFlags, bool) {
|
||||
func (pi *ProviderInstance) GetFlags(dn string) *flags.UserFlags {
|
||||
pi.boundUsersMutex.RLock()
|
||||
defer pi.boundUsersMutex.RUnlock()
|
||||
flags, ok := pi.boundUsers[dn]
|
||||
pi.boundUsersMutex.RUnlock()
|
||||
return flags, ok
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
return flags
|
||||
}
|
||||
|
||||
func (pi *ProviderInstance) SetFlags(dn string, flag flags.UserFlags) {
|
||||
pi.boundUsersMutex.Lock()
|
||||
pi.boundUsers[dn] = flag
|
||||
pi.boundUsers[dn] = &flag
|
||||
pi.boundUsersMutex.Unlock()
|
||||
}
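Review bot: GetFlags now hands out the same `*flags.UserFlags` that is stored in `boundUsers`, so the pointer outlives the `RLock`/`RUnlock` pair and every caller shares one struct with the cache. If any caller writes through it (the Bind and Search call sites continue outside their hunks, so this cannot be confirmed here), that write is unsynchronised and changes the cached per-DN state for every later request. Either document the result as read-only, e.g. `// GetFlags returns the cached flags for dn, or nil if none are stored; callers must not modify the result.`, or keep any mutation behind the mutex. Separately, the local in `flags, ok := pi.boundUsers[dn]` shadows the `flags` package inside a function whose signature uses it; `f, ok := pi.boundUsers[dn]` avoids that, and SetFlags could use `defer pi.boundUsersMutex.Unlock()` to match GetFlags.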
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@ func (ls *LDAPServer) Refresh() error {
|
|||
|
||||
// Get existing instance so we can transfer boundUsers
|
||||
existing := ls.getCurrentProvider(provider.Pk)
|
||||
users := make(map[string]flags.UserFlags)
|
||||
users := make(map[string]*flags.UserFlags)
|
||||
if existing != nil {
|
||||
existing.boundUsersMutex.RLock()
|
||||
users = existing.boundUsers
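Review bot: `users = existing.boundUsers` copies the map header, not the entries, so the replacement provider and `existing` end up sharing one map while each ProviderInstance carries its own `boundUsersMutex`. If the old instance can still serve a request once the new one is live (the rest of Refresh is outside this hunk), two goroutines can write the map under different locks, which the Go runtime treats as a fatal concurrent map write. Copying under the read lock keeps the two instances independent: `for dn, f := range existing.boundUsers { users[dn] = f }`. With the value type now a pointer the entries themselves remain shared, which is fine only if they are treated as immutable after SetFlags.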
|
||||
|
|
|
@ -70,8 +70,8 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
|||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ds.si.GetBaseDN())
|
||||
}
|
||||
|
||||
flags, ok := ds.si.GetFlags(req.BindDN)
|
||||
if !ok {
|
||||
flags := ds.si.GetFlags(req.BindDN)
|
||||
if flags == nil {
|
||||
req.Log().Debug("User info not cached")
|
||||
metrics.RequestsRejected.With(prometheus.Labels{
|
||||
"outpost_name": ds.si.GetOutpostName(),
|
||||
|
|
|
@ -73,8 +73,8 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
|||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ms.si.GetBaseDN())
|
||||
}
|
||||
|
||||
flags, ok := ms.si.GetFlags(req.BindDN)
|
||||
if !ok {
|
||||
flags := ms.si.GetFlags(req.BindDN)
|
||||
if flags == nil {
|
||||
req.Log().Debug("User info not cached")
|
||||
metrics.RequestsRejected.With(prometheus.Labels{
|
||||
"outpost_name": ms.si.GetOutpostName(),
|
||||
|
|
|
@ -31,7 +31,7 @@ type LDAPServerInstance interface {
|
|||
|
||||
UsersForGroup(api.Group) []string
|
||||
|
||||
GetFlags(dn string) (flags.UserFlags, bool)
|
||||
GetFlags(dn string) *flags.UserFlags
|
||||
SetFlags(dn string, flags flags.UserFlags)
|
||||
|
||||
GetBaseEntry() *ldap.Entry
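Review bot: The interface now encodes "no flags" as a nil pointer instead of the `ok` boolean, and nothing on the declaration says so. A doc comment such as `// GetFlags returns the flags stored for dn, or nil if none are stored.` would make the nil check an explicit part of the contract for every implementation and caller. SetFlags still takes `flags.UserFlags` by value while GetFlags returns a pointer; a short note that the value is copied on store would explain the asymmetry.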
|
||||
|
|