scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 19:17:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

normalize LDAP auth HTTP responses (#21282)

Browse Source
This commit is contained in:
Raymond Ho
2023-06-21 15:32:00 -07:00
committed by GitHub
parent 8df34b0871
commit 5b41148bfc
4 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
builtin/credential/ldap/backend.go
View File

@@ -9,6 +9,7 @@ import (
"strings" "strings"
"github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/ldaputil" "github.com/hashicorp/vault/sdk/helper/ldaputil"
"github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/logical"
@@ -96,7 +97,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
if b.Logger().IsDebug() { if b.Logger().IsDebug() {
b.Logger().Debug("error getting user bind DN", "error", err) b.Logger().Debug("error getting user bind DN", "error", err)
} }
return "", nil, logical.ErrorResponse(errUserBindFailed), nil, nil return "", nil, logical.ErrorResponse(errUserBindFailed), nil, logical.ErrInvalidCredentials
} }
if b.Logger().IsDebug() { if b.Logger().IsDebug() {

13
builtin/credential/ldap/path_login.go
View File

@@ -83,17 +83,8 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
password := d.Get("password").(string) password := d.Get("password").(string)
effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias) effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias)
// Handle an internal error if err != nil || (resp != nil && resp.IsError()) {
if err != nil { return resp, err
return nil, err
}
if resp != nil {
// Handle a logical error
if resp.IsError() {
return resp, nil
}
} else {
resp = &logical.Response{}
} }
auth := &logical.Auth{ auth := &logical.Auth{

3
changelog/21282.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:change
auth/ldap: Normalize HTTP response codes when invalid credentials are provided
```

5
vault/request_handling.go
View File

@@ -21,6 +21,8 @@ import (
"github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/go-sockaddr" "github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/go-uuid" "github.com/hashicorp/go-uuid"
uberAtomic "go.uber.org/atomic"
"github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/identity"
"github.com/hashicorp/vault/helper/identity/mfa" "github.com/hashicorp/vault/helper/identity/mfa"
@@ -36,7 +38,6 @@ import (
"github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault/quotas" "github.com/hashicorp/vault/vault/quotas"
"github.com/hashicorp/vault/vault/tokens" "github.com/hashicorp/vault/vault/tokens"
uberAtomic "go.uber.org/atomic"
) )
const ( const (
@@ -1406,7 +1407,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
return nil, nil, err return nil, nil, err
} }
} }
return nil, nil, resp.Error() return resp, nil, routeErr
} }
if resp != nil { if resp != nil {