author | Jeff Fearn <jfearn@redhat.com> | 2022-06-03 12:02:18 +1000 |
---|---|---|
committer | Jeff Fearn <jfearn@redhat.com> | 2022-06-03 12:58:25 +1000 |
commit | 387b2980af072bb6c7da4e29c0047e06b0ffee2a (patch) | |
tree | 5990a0d3b77d1373dae8beb8a2207f707c5caccc | |
parent | Bug 2090018 - not_in_transaction error when confirming new account (diff) | |
Bug 2093103 - PrivacyIdea doesn't support aliases
Add support for mapping aliases to uids for PrivacyIDEA authentication.
Change-Id: I8323063c7f98efc07a62395637a1876cea18e583
-rw-r--r-- | Bugzilla/Auth/Verify/RedHat.pm | 21 | ||||
-rw-r--r-- | extensions/RedHat/Extension.pm | 53 | ||||
-rw-r--r-- | t/100Push.t | 6 |
3 files changed, 60 insertions, 20 deletions
diff --git a/Bugzilla/Auth/Verify/RedHat.pm b/Bugzilla/Auth/Verify/RedHat.pm index 711a0bb30..02d4dc530 100644 --- a/Bugzilla/Auth/Verify/RedHat.pm +++ b/Bugzilla/Auth/Verify/RedHat.pm @@ -65,7 +65,7 @@ sub check_credentials { } if ((!$res || $res->{failure}) && $user->can_use_privacyidea()) { - $res = $self->check_credentials_privacyidea($params); + $res = $self->check_credentials_privacyidea($params, $user); } # Can't use password or PrivacyIdea, this is run after SSO, so use that. @@ -83,25 +83,17 @@ sub check_credentials { } sub check_credentials_privacyidea { - my ($self, $params) = @_; + my ($self, $params, $user) = @_; my $api_url = Bugzilla->params->{'PrivacyIDEA_API_URL'}; my $address_suffix = Bugzilla->params->{'RADIUS_email_suffix'}; my $username = $params->{username}; Bugzilla->logger->debug("Logging in using PrivacyIDEA"); - # If we're using RADIUS_email_suffix, we may need to cut it off from - # the login name. - if ($address_suffix) { - $username =~ s/\Q$address_suffix\E$//i; - } - - ## RED HAT EXTENSION START 1940265 - my $uname = $username; - $uname =~ s/\+.*//; - ## RED HAT EXTENSION END 1940265 + my $uid = $user->get_uid(); + Bugzilla->logger->debug("check_credentials_privacyidea uid: $uid"); - my %request_data = (user => $uname, pass => $params->{password},); + my %request_data = (user => $uid, pass => $params->{password},); my $ua = LWP::UserAgent->new(); $ua->agent("RedHatBugzilla/" . BUGZILLA_VERSION); @@ -126,8 +118,7 @@ sub check_credentials_privacyidea { return {failure => AUTH_RH_RADIUS_LOGINFAILED}; } - # Build the user account's e-mail address. - $params->{bz_username} = $username . $address_suffix; + $params->{bz_username} = $username; return $params; } diff --git a/extensions/RedHat/Extension.pm b/extensions/RedHat/Extension.pm index d2fcf514a..34ccf248d 100644 --- a/extensions/RedHat/Extension.pm +++ b/extensions/RedHat/Extension.pm 
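Review bot: `my $uid = $user->get_uid();` can come back undef — in the Extension.pm hunk get_uid leaves `$uid` unset when the rhatUUID search does not return exactly one entry, or when the login is not a validated Red Hat address — yet the new code still posts `user => $uid` to the PrivacyIDEA API and interpolates it into the debug line. Fail closed before any network call, directly after the get_uid call: `return {failure => AUTH_RH_RADIUS_LOGINFAILED} unless defined $uid && length $uid;`. The context line `my $address_suffix = Bugzilla->params->{'RADIUS_email_suffix'};` survives, but with the suffix-stripping block removed here and the concatenation removed in the next hunk it has no remaining use in the visible parts of this sub, so it can go. The HTTP request and response handling of check_credentials_privacyidea lies between this hunk and the next.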
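Review bot: `$params->{bz_username} = $username;` hands back the raw form value from `$params->{username}`, while the credential that was just verified belongs to the `$user` object whose uid was sent to PrivacyIDEA; the two are only guaranteed to name the same account if the caller resolved `$user` from that exact string, which is not visible here. Binding the result to the verified object, `$params->{bz_username} = $user->login;`, removes that dependency and keeps the returned identity tied to the account whose second factor passed. If callers rely on the alias spelling the user typed, a short comment stating that `$username` is intentionally returned unnormalised would document the choice.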
@@ -153,6 +153,10 @@ BEGIN { *Bugzilla::User::Session::expires = \&_session_expires; ## REDHAT EXTENSION END 2075342 + ## REDHAT EXTENSION START 2093103 + *Bugzilla::User::get_uid = \&_user_get_uid; + ## REDHAT EXTENSION END 2093103 + } ################# @@ -4266,6 +4270,47 @@ sub object_end_of_update { return; } +## REDHAT EXTENSION START 2093103 +sub _user_get_uid { + my $self = shift; + + my $ldap_host = Bugzilla->params->{LDAPMXserver}; + my $ldap_binddn = Bugzilla->params->{LDAPMXBaseDN}; + my $ldap_pass = Bugzilla->localconfig->{LDAPMXpass}; + my $ldap_basedn = Bugzilla->params->{LDAPBaseDN}; + my $ldap_attr = Bugzilla->params->{LDAPMXmailattribute}; + + my $ldap = Net::LDAP->new($ldap_host, scheme => 'ldaps') + || ThrowUserError('ldap_error', {error => $@}); + my $mesg = $ldap->bind($ldap_binddn, password => $ldap_pass); + $mesg->code && ThrowUserError('ldap_error', {error => $mesg->error}); + + my $uid; + + if ($self->extern_id) { + my $extern_id = $self->extern_id; + $mesg = $ldap->search(base => $ldap_basedn, filter => "(rhatUUID=$extern_id)"); + + $mesg->code && ThrowUserError('ldap_error', {error => $mesg->error}); + + if ($mesg->count == 1) { + my $entry = $mesg->entry(0); + $uid = $entry->get_value('uid'); + } + + $mesg = $ldap->unbind; + } + else { + my $valid = _validate_redhat_addr($self->login); + if ($valid) { + $uid = Bugzilla->request_cache->{current_uid}; + } + } + + return $uid; +} +## REDHAT EXTENSION END 2093103 + sub _validate_redhat_addr { my $login = shift; @@ -4350,8 +4395,6 @@ sub _validate_redhat_addr { sub _validate_ldap_uid { my ($uid) = @_; - my @addrs; - my $ldap_host = Bugzilla->params->{LDAPMXserver}; my $ldap_binddn = Bugzilla->params->{LDAPMXBaseDN}; my $ldap_pass = Bugzilla->localconfig->{LDAPMXpass}; 
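Review bot: `filter => "(rhatUUID=$extern_id)"` in _user_get_uid interpolates extern_id straight into the LDAP filter; wrapping it as `filter => "(rhatUUID=" . Net::LDAP::Util::escape_filter_value($extern_id) . ")"` (or building a Net::LDAP::Filter) keeps a stored value containing `*`, `(`, `)` or `\` from widening the search — extern_id comes from the user record rather than the request, so the exposure depends on how it is populated, but the guard is cheap. In the else branch the uid is read from `Bugzilla->request_cache->{current_uid}`, a request-wide slot filled by whichever uid _validate_ldap_uid validated last; that is only right if `_validate_redhat_addr($self->login)` always reaches _validate_ldap_uid for this login, and _validate_redhat_addr's body is outside the hunk. Adding `delete Bugzilla->request_cache->{current_uid};` before that call rules out a stale uid from an earlier validation in the same request, and having the validator return the uid would avoid the side channel entirely. The LDAP handle is also unbound only on the extern_id path; moving `$mesg = $ldap->unbind;` after the if/else covers both branches.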
@@ -4370,6 +4413,12 @@ sub _validate_ldap_uid { my $valid = $mesg->count > 0; $mesg = $ldap->unbind; + ## REDHAT EXTENSION START 2093103 + if ($valid) { + Bugzilla->request_cache->{current_uid} = $uid; + } + ## REDHAT EXTENSION END 2093103 + return $valid; } ## RED HAT EXTENSION END 2019234 diff --git a/t/100Push.t b/t/100Push.t index 66050adf3..536ac3dbe 100644 --- a/t/100Push.t +++ b/t/100Push.t @@ -4,7 +4,7 @@ use strict; use warnings; use lib qw(. lib t); -use Test::More tests => 12; +use Test::More tests => 11; use Capture::Tiny ':all'; use Cwd; @@ -60,6 +60,6 @@ is($stderr, "", "stop pushd stderr"); SKIP: { skip "Doesn't work in tests...", 1; like($stdout, qr/Process .* is gone/, "stop pushd stdout"); -} -is($exit, 0, "check pushd exit"); + is($exit, 0, "check pushd exit"); +} |
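Review bot: The added block in _validate_ldap_uid writes `current_uid` only when `$valid` is true and never clears it, so a failed lookup after a successful one in the same request leaves the earlier uid in the cache for any later reader. Writing the slot unconditionally, `Bugzilla->request_cache->{current_uid} = $valid ? $uid : undef;`, keeps it in step with the most recent validation. Note too that the context line computes `$valid` as `$mesg->count > 0`, so several matching entries are accepted here while _user_get_uid requires exactly one; the two lookups should apply the same rule. The start of _validate_ldap_uid is in the previous hunk.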
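Review bot: `is($exit, 0, "check pushd exit")` now sits inside the SKIP block, but `skip "Doesn't work in tests...", 1;` still declares one skipped test while the block holds two, and the plan was lowered to 11 to match, so the exit-status check is silently dropped rather than skipped. Either keep that assertion outside the block with `tests => 12`, or declare the real count, `skip "Doesn't work in tests...", 2;` together with `tests => 12`, so the plan stays correct if the skip is ever lifted. This test change is also unrelated to the PrivacyIDEA alias mapping described in the commit message and would be easier to review in its own commit.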