Project

General

Profile

Development #65604

ldap: ne pas planter si le serveur ne retourne pas de cookie de page

Added by Benjamin Dauvergne about 1 month ago. Updated 28 days ago.

Status:
Solution déployée
Priority:
Normal
Category:
-
Target version:
-
Start date:
23 May 2022
Due date:
% Done:

0%

Estimated time:
Patch proposed:
Yes
Planning:
No

Description

C'est contraire aux RFCs et aux bonnes manières mais autant ne pas planter.

PS: cf. ticket client #64820, trace remontée par Corentin :

 Traceback (most recent call last):
  File /usr/lib/authentic2/manage.py, line 20, in <module>
    execute_from_command_line(sys.argv[:1] + argv)
  File /usr/lib/python3/dist-packages/django/core/management/__init__.py, line 381, in execute_from_command_line
    utility.execute()
  File /usr/lib/python3/dist-packages/django/core/management/__init__.py, line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File /usr/lib/python3/dist-packages/hobo/multitenant/management/commands/tenant_command.py, line 160, in run_from_argv
    klass.run_from_argv(args)
  File /usr/lib/python3/dist-packages/django/core/management/base.py, line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File /usr/lib/python3/dist-packages/hobo/agent/authentic2/apps.py, line 58, in new_execute
    return old_execute(self, *args, **kwargs)
  File /usr/lib/python3/dist-packages/django/core/management/base.py, line 364, in execute
    output = self.handle(*args, **options)
  File /usr/lib/python3/dist-packages/authentic2/management/commands/sync-ldap-users.py, line 71, in handle
    for dummy in LDAPBackend.get_users(realm=kwargs['realm']):
  File /usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py, line 1669, in get_users
    for user in cls.get_users_for_block(block):
  File /usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py, line 1640, in get_users_for_block
    for dn, attrs in results:
  File /usr/lib/python3/dist-packages/authentic2/backends/ldap_backend.py, line 1622, in paged_search
    pg_ctrl.cookie = serverctrls[0].cookie
IndexError: list index out of range

où le serveur pas très sympa ne nous renvoie pas de le contrôle (jargon LDAP pour dire extension) réponse alors qu'il a accepté le contrôle dans la requête.

Files

Associated revisions

Revision 4ce32d57 (diff)
Added by Benjamin Dauvergne 29 days ago

ldap: serverctrls can be empty on non comformant LDAP directories(#65604)

Example of such a non-conforming directory is the slapd-meta backend of
OpenLDAP, it accepts SimplePagedSearch control with criticality=True
set, but do not honor it apart from the response size which respects the
given page size.

History

#1

Updated by Benjamin Dauvergne about 1 month ago

#2

Updated by Benjamin Dauvergne about 1 month ago

  • Description updated (diff)
#3

Updated by Corentin Séchet about 1 month ago

  • Status changed from Solution proposée to Solution validée
#4

Updated by Benjamin Dauvergne 29 days ago

  • Status changed from Solution validée to Résolu (à déployer)
commit 4ce32d57ddc1d42a8d54f9d044c3f56dd7cc509a
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Mon May 23 16:13:51 2022 +0200

    ldap: serverctrls can be empty on non comformant LDAP directories(#65604)

    Example of such a non-conforming directory is the slapd-meta backend of
    OpenLDAP, it accepts SimplePagedSearch control with criticality=True
    set, but do not honor it apart from the response size which respects the
    given page size.
#5

Updated by Transition automatique 28 days ago

  • Status changed from Résolu (à déployer) to Solution déployée

Also available in: Atom PDF