Skip to content

Commit

Permalink
always compare CNs as downcase
Browse files Browse the repository at this point in the history
Sometimes people end up with certificates that have uppercase letters in
the CN, but pass lowercase in the auth map.
  • Loading branch information
evgeni committed Dec 17, 2024
1 parent 26254db commit 435ba31
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion manifests/apache.pp
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
]

$api_additional_request_headers = $pulpcore::api_client_auth_cn_map.map |String $cn, String $pulp_user| {
"set ${remote_user_environ_header} \"${pulp_user}\" \"expr=%{SSL_CLIENT_S_DN_CN} == '${cn}'\""
"set ${remote_user_environ_header} \"${pulp_user}\" \"expr=%{tolower:SSL_CLIENT_S_DN_CN} == '${cn.downcase}'\""
}

$api_directory = {
Expand Down
2 changes: 1 addition & 1 deletion spec/classes/plugin_container_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ class {'pulpcore':
<Location "/pulpcore_registry/v2/">
RequestHeader unset REMOTE-USER
RequestHeader unset REMOTE_USER
RequestHeader set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == 'foreman.example.com'"
RequestHeader set REMOTE-USER "admin" "expr=%{tolower:SSL_CLIENT_S_DN_CN} == 'foreman.example.com'"
ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api/v2/
ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api/v2/
</Location>
Expand Down
2 changes: 1 addition & 1 deletion spec/classes/pulpcore_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -522,7 +522,7 @@
'request_headers' => [
'unset REMOTE-USER',
'unset REMOTE_USER',
'set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == \'foreman.example.com\'"',
'set REMOTE-USER "admin" "expr=%{tolower:SSL_CLIENT_S_DN_CN} == \'foreman.example.com\'"',
],
}
])
Expand Down

0 comments on commit 435ba31

Please sign in to comment.