
0001-ldap-provide-a-raises-keyword-argument-flag-on-conne.patch

Paul Marillonnet, 27 juin 2022 15:55


Subject: [PATCH 1/2] ldap: provide a 'raises' keyword-argument flag on
 connection retrieval (#65491)

 src/authentic2/backends/ldap_backend.py | 65 ++++++++++++++++---------
 1 file changed, 43 insertions(+), 22 deletions(-)
src/authentic2/backends/ldap_backend.py
1783 1783
        return new_results
1784 1784

  
1785 1785
    @classmethod
1786
    def get_connections(cls, block, credentials=()):
1786
    def get_connections(cls, block, credentials=(), raises=False):
1787 1787
        '''Try each replicas, and yield successfull connections'''
1788 1788
        if not block['url']:
1789 1789
            raise ImproperlyConfigured("block['url'] must contain at least one url")
......
1810 1810
            conn.set_option(ldap.OPT_REFERRALS, 1 if block['referrals'] else 0)
1811 1811
            # allow TLS options to be applied
1812 1812
            conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
1813
            errmsg = None
1813 1814
            try:
1814 1815
                if not url.startswith('ldaps://') and block['use_tls']:
1815 1816
                    try:
1816 1817
                        conn.start_tls_s()
1817 1818
                    except ldap.CONNECT_ERROR:
1818
                        log.error(
1819
                            'connection to %r failed when activating TLS, did you forget to declare the TLS'
1820
                            ' certificate in /etc/ldap/ldap.conf ?',
1821
                            url,
1822
                        )
1823
                        continue
1819
                        error = (
1820
                            'connection to %r failed when activating TLS, did you forget to '
1821
                            'declare the TLS certificate in /etc/ldap/ldap.conf ?'
1822
                        ) % url
1823
                        log.error(errmsg)
1824 1824
            except ldap.TIMEOUT:
1825
                log.error('connection to %r timed out', url)
1826
                continue
1825
                errmsg = 'connection to %r timed out' % url
1826
                log.error(errmsg)
1827 1827
            except ldap.CONNECT_ERROR:
1828
                log.error(
1829
                    'connection to %r failed when activating TLS, did you forget to declare the TLS'
1830
                    ' certificate in /etc/ldap/ldap.conf ?',
1831
                    url,
1832
                )
1833
                continue
1828
                errmsg = (
1829
                    'connection to %r failed when activating TLS, did you forget to declare '
1830
                    'the TLS certificate in /etc/ldap/ldap.conf ?'
1831
                ) % url
1832
                log.error(errmsg)
1834 1833
            except ldap.SERVER_DOWN:
1834
                errmsg = 'ldap %r is down' % url
1835 1835
                if block['replicas']:
1836
                    log.warning('ldap %r is down', url)
1836
                    log.warning(errmsg)
1837 1837
                else:
1838
                    log.error('ldap %r is down', url)
1839
                continue
1838
                    log.error(errmsg)
1839
            if errmsg:
1840
                if raises:
1841
                    raise ldap.LDAPError(errmsg)
1842
                else:
1843
                    continue
1840 1844
            user_credentials = block['connect_with_user_credentials'] and credentials
1841 1845
            success, error = cls.bind(block, conn, credentials=user_credentials)
1842 1846
            if success:
1843 1847
                yield conn
1844 1848
            else:
1849
                errmsg = 'admin bind failed on %s: %s' % (url, error)
1845 1850
                if block['replicas']:
1846
                    log.warning('admin bind failed on %s: %s', url, error)
1851
                    log.warning(errmsg)
1847 1852
                else:
1848
                    log.error('admin bind failed on %s: %s', url, error)
1853
                    log.error(errmsg)
1854
                if raises:
1855
                    raise ldap.LDAPError(errmsg)
1849 1856

  
1850 1857
    @classmethod
1851 1858
    def bind(cls, block, conn, credentials=()):
......
1901 1908
            return False, 'ldap is down'
1902 1909

  
1903 1910
    @classmethod
1904
    def get_connection(cls, block, credentials=()):
1911
    def get_connection(cls, block, credentials=(), raises=False):
1905 1912
        '''Try to get at least one connection'''
1906
        for conn in cls.get_connections(block, credentials=credentials):
1913
        errors = []
1914
        conn = None
1915
        while True:
1916
            try:
1917
                conn = next(cls.get_connections(block, credentials=credentials, raises=raises))
1918
            except ldap.LDAPError as e:
1919
                errors.append(e)
1920
            except StopIteration:
1921
                break
1922
            else:
1923
                if conn:
1924
                    break
1925
        if conn:
1907 1926
            return conn
1927
        elif raises:
1928
            raise ldap.LDAPError(' – '.join(errors))
1908 1929
        return None
1909 1930

  
1910 1931
    @classmethod
1911
-
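Review bot: In the inner `except ldap.CONNECT_ERROR:` around `conn.start_tls_s()` (new lines 1819-1823) the message is assigned to `error`, while `log.error(errmsg)` and the later `if errmsg:` check read `errmsg`, which is still `None` at that point. The removed lines ended this branch with `continue`, so as the visible code reads, a replica whose STARTTLS failed is no longer skipped: the log records `None`, neither the `raise` nor the `continue` runs, and control reaches `cls.bind(...)` on a connection that was never upgraded, which would send the bind credentials in clear text even though `block['use_tls']` is set. Changing the assignment to `errmsg = (` restores the fail-closed behaviour and makes `raises=True` report this case as well. A regression test that makes `start_tls_s()` raise `ldap.CONNECT_ERROR` and asserts that `bind` is never called would pin this down. The loop header of `get_connections` lies in the elided part of the section, so the fall-through is inferred from the lines shown.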