Do not try to recreate ldap user if they are already created (#9900) (#9919)

* Do not try to recreate ldap user if they are already created

* just remove autoregister

Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
zeripath 2020-01-21 20:17:00 +00:00 committed by Antoine GIRARD
parent 05b9864086
commit 79c1d48532


@ -461,7 +461,7 @@ var (
// LoginViaLDAP queries if login/password is valid against the LDAP directory pool, // LoginViaLDAP queries if login/password is valid against the LDAP directory pool,
// and create a local user if success when enabled. // and create a local user if success when enabled.
func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) { func LoginViaLDAP(user *User, login, password string, source *LoginSource) (*User, error) {
sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP) sr := source.Cfg.(*LDAPConfig).SearchEntry(login, password, source.Type == LoginDLDAP)
if sr == nil { if sr == nil {
// User not in LDAP, do nothing // User not in LDAP, do nothing
@ -491,7 +491,7 @@ func LoginViaLDAP(user *User, login, password string, source *LoginSource, autoR
} }
} }
if !autoRegister { if user != nil {
if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) { if isAttributeSSHPublicKeySet && synchronizeLdapSSHPublicKeys(user, source, sr.SSHPublicKey) {
return user, RewriteAllPublicKeys() return user, RewriteAllPublicKeys()
} }
@ -602,7 +602,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
// LoginViaSMTP queries if login/password is valid against the SMTP, // LoginViaSMTP queries if login/password is valid against the SMTP,
// and create a local user if success when enabled. // and create a local user if success when enabled.
func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) { func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPConfig) (*User, error) {
// Verify allowed domains. // Verify allowed domains.
if len(cfg.AllowedDomains) > 0 { if len(cfg.AllowedDomains) > 0 {
idx := strings.Index(login, "@") idx := strings.Index(login, "@")
@ -633,7 +633,7 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC
return nil, err return nil, err
} }
if !autoRegister { if user != nil {
return user, nil return user, nil
} }
@ -665,7 +665,7 @@ func LoginViaSMTP(user *User, login, password string, sourceID int64, cfg *SMTPC
// LoginViaPAM queries if login/password is valid against the PAM, // LoginViaPAM queries if login/password is valid against the PAM,
// and create a local user if success when enabled. // and create a local user if success when enabled.
func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) { func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMConfig) (*User, error) {
if err := pam.Auth(cfg.ServiceName, login, password); err != nil { if err := pam.Auth(cfg.ServiceName, login, password); err != nil {
if strings.Contains(err.Error(), "Authentication failure") { if strings.Contains(err.Error(), "Authentication failure") {
return nil, ErrUserNotExist{0, login, 0} return nil, ErrUserNotExist{0, login, 0}
@ -673,7 +673,7 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
return nil, err return nil, err
} }
if !autoRegister { if user != nil {
return user, nil return user, nil
} }
@ -691,7 +691,7 @@ func LoginViaPAM(user *User, login, password string, sourceID int64, cfg *PAMCon
} }
// ExternalUserLogin attempts a login using external source types. // ExternalUserLogin attempts a login using external source types.
func ExternalUserLogin(user *User, login, password string, source *LoginSource, autoRegister bool) (*User, error) { func ExternalUserLogin(user *User, login, password string, source *LoginSource) (*User, error) {
if !source.IsActived { if !source.IsActived {
return nil, ErrLoginSourceNotActived return nil, ErrLoginSourceNotActived
} }
@ -699,11 +699,11 @@ func ExternalUserLogin(user *User, login, password string, source *LoginSource,
var err error var err error
switch source.Type { switch source.Type {
case LoginLDAP, LoginDLDAP: case LoginLDAP, LoginDLDAP:
user, err = LoginViaLDAP(user, login, password, source, autoRegister) user, err = LoginViaLDAP(user, login, password, source)
case LoginSMTP: case LoginSMTP:
user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister) user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig))
case LoginPAM: case LoginPAM:
user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister) user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig))
default: default:
return nil, ErrUnsupportedLoginType return nil, ErrUnsupportedLoginType
} }
@ -783,7 +783,7 @@ func UserSignIn(username, password string) (*User, error) {
return nil, ErrLoginSourceNotExist{user.LoginSource} return nil, ErrLoginSourceNotExist{user.LoginSource}
} }
return ExternalUserLogin(user, user.LoginName, password, &source, false) return ExternalUserLogin(user, user.LoginName, password, &source)
} }
} }
@ -797,7 +797,7 @@ func UserSignIn(username, password string) (*User, error) {
// don't try to authenticate against OAuth2 and SSPI sources here // don't try to authenticate against OAuth2 and SSPI sources here
continue continue
} }
authUser, err := ExternalUserLogin(nil, username, password, source, true) authUser, err := ExternalUserLogin(nil, username, password, source)
if err == nil { if err == nil {
return authUser, nil return authUser, nil
} }
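Review bot: With `autoRegister` gone, `if user != nil` in LoginViaLDAP (and the same test in LoginViaSMTP and LoginViaPAM) is the only thing separating "return an existing account" from "provision a new one", and nothing in the visible lines checks that the returned account belongs to the source that just accepted the credentials. The code between the hunks is not shown, but if LoginViaLDAP fills `user` from a lookup by the directory username, a successful bind could hand back a same-named account owned by another source; a guard such as `if user != nil && user.LoginSource != source.ID { return nil, ErrUserNotExist{0, login, 0} }` ahead of the SSH-key sync would rule that out. The doc comments on all three functions still say "create a local user if success when enabled", which no longer matches the signature; something like `// A nil user means no local account exists yet and one is created on success; a non-nil user is treated as the existing account and is not re-created.` would record the new contract. The function bodies continue outside the hunks shown here.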