From 68264fb45d06a010893d3a0c7582de92323a23ee Mon Sep 17 00:00:00 2001
From: Ishank Arora
Date: Tue, 18 Aug 2020 16:50:03 +0200
Subject: [PATCH] Add UID and GID in ldap auth driver
---
 changelog/unreleased/auth-ldap-uid.md | 7 +++++++
 pkg/auth/manager/ldap/ldap.go | 21 ++++++++++++++++++++-
 pkg/storage/utils/eosfs/eosfs.go | 3 +++
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/auth-ldap-uid.md
diff --git a/changelog/unreleased/auth-ldap-uid.md b/changelog/unreleased/auth-ldap-uid.md
new file mode 100644
index 0000000000..d29e6c7ece
--- /dev/null
+++ b/changelog/unreleased/auth-ldap-uid.md
@@ -0,0 +1,7 @@
+Enhancement: Add UID and GID in ldap auth driver
+
+The PR https://github.com/cs3org/reva/pull/1088/ added the functionality to
+lookup UID and GID from the ldap user provider. This PR adds the same to the
+ldap auth manager.
+
+https://github.com/cs3org/reva/pull/1101
diff --git a/pkg/auth/manager/ldap/ldap.go b/pkg/auth/manager/ldap/ldap.go
index 1e124deac5..e43910b9c3 100644
--- a/pkg/auth/manager/ldap/ldap.go
+++ b/pkg/auth/manager/ldap/ldap.go
@@ -25,6 +25,7 @@ import (
 	"strings"
 	user "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/pkg/appctx"
 	"github.com/cs3org/reva/pkg/auth"
 	"github.com/cs3org/reva/pkg/auth/manager/registry"
@@ -66,6 +67,10 @@ type attributes struct {
 	Mail string `mapstructure:"mail"`
 	// Displayname is the Human readable name, e.g. `Albert Einstein`
 	DisplayName string `mapstructure:"displayName"`
+	// UIDNumber is a numeric id that maps to a filesystem uid, eg. 123546
+	UIDNumber string `mapstructure:"uidNumber"`
+	// GIDNumber is a numeric id that maps to a filesystem gid, eg. 654321
+	GIDNumber string `mapstructure:"gidNumber"`
 }
 // Default attributes (Active Directory)
@@ -75,6 +80,8 @@ var ldapDefaults = attributes{
 	CN: "cn",
 	Mail: "mail",
 	DisplayName: "displayName",
+	UIDNumber: "uidNumber",
+	GIDNumber: "gidNumber",
 }
 func parseConfig(m map[string]interface{}) (*config, error) {
@@ -130,7 +137,7 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		am.c.BaseDN,
 		ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
 		am.getLoginFilter(clientID),
-		[]string{am.c.Schema.DN, am.c.Schema.UID, am.c.Schema.CN, am.c.Schema.Mail, am.c.Schema.DisplayName},
+		[]string{am.c.Schema.DN, am.c.Schema.UID, am.c.Schema.CN, am.c.Schema.Mail, am.c.Schema.DisplayName, am.c.Schema.UIDNumber, am.c.Schema.GIDNumber},
 		nil,
 	)
@@ -163,6 +170,18 @@ func (am *mgr) Authenticate(ctx context.Context, clientID, clientSecret string)
 		Groups: []string{},
 		Mail: sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.Mail),
 		DisplayName: sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.DisplayName),
+		Opaque: &types.Opaque{
+			Map: map[string]*types.OpaqueEntry{
+				"uid": {
+					Decoder: "plain",
+					Value: []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.UIDNumber)),
+				},
+				"gid": {
+					Decoder: "plain",
+					Value: []byte(sr.Entries[0].GetEqualFoldAttributeValue(am.c.Schema.GIDNumber)),
+				},
+			},
+		},
 	}
 	log.Debug().Interface("entry", sr.Entries[0]).Interface("user", u).Msg("authenticated user")
diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go
index 80bd11001a..17db3c7137 100644
--- a/pkg/storage/utils/eosfs/eosfs.go
+++ b/pkg/storage/utils/eosfs/eosfs.go
@@ -1409,6 +1409,9 @@ func (fs *eosfs) extractUIDAndGID(u *userpb.User) (string, string, error) {
 			}
 		}
 	}
+	if uid == "" || gid == "" {
+		return "", "", errors.New("eos: uid or gid missing for user")
+	}
 	return uid, gid, nil
 }
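Review bot: The `uid` and `gid` Opaque entries are filled with whatever string `GetEqualFoldAttributeValue` returns, so an entry with no `uidNumber` still gets an empty `Value`, and a non-numeric or `0` value is passed through unchanged into what downstream storage (the eosfs hunk in this same patch) treats as the user's filesystem identity. The auth manager should attach these entries only when the attribute parses as a non-zero unsigned integer and log and skip them otherwise, rather than hand out an identity it has not checked; the skip-and-warn form keeps the pre-patch behaviour for deployments whose storage does not read them. The `u := &user.User{` line that opens this literal is outside the hunk; the rewrite below builds the map after the literal closes and needs `strconv` added to the import block. The log call assumes the same zerolog-style logger the hunk's `log.Debug()` line uses.
```go
	// … unchanged: user.User literal up to DisplayName …
	}
	// Attach uid/gid only when LDAP returned a usable numeric id; an empty,
	// non-numeric or zero value must not become part of the user's identity.
	opaque := &types.Opaque{Map: map[string]*types.OpaqueEntry{}}
	for key, attr := range map[string]string{"uid": am.c.Schema.UIDNumber, "gid": am.c.Schema.GIDNumber} {
		v := sr.Entries[0].GetEqualFoldAttributeValue(attr)
		if n, err := strconv.ParseUint(v, 10, 32); err != nil || n == 0 {
			log.Warn().Str("attribute", attr).Str("value", v).Msg("ignoring missing or invalid numeric id")
			continue
		}
		opaque.Map[key] = &types.OpaqueEntry{Decoder: "plain", Value: []byte(v)}
	}
	u.Opaque = opaque
	// … unchanged: debug log of the authenticated user …
```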
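Review bot: The new guard at the end of `extractUIDAndGID` only catches an absent uid/gid; a value that is present but not a number (or is `0`) still passes and is returned as the identity EOS is told to act under, and this function is the one place every auth and user provider's Opaque map funnels through. Validating here would cover all providers at once, e.g. before the final return: `if _, err := strconv.ParseUint(uid, 10, 32); err != nil { return "", "", errors.New("eos: uid is not a valid numeric id") }` and the same for `gid`; this needs `strconv` in the file's imports, and whether `0` should be refused as well deserves an explicit decision since it maps to root. The function's opening and the Opaque parsing that sets `uid`/`gid` are outside the hunk.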