scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

normalize LDAP auth HTTP responses (#21282)

Browse Source
This commit is contained in:
Raymond Ho
2023-06-21 15:32:00 -07:00
committed by GitHub
parent 8df34b0871
commit 5b41148bfc
4 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
builtin/credential/ldap/backend.go
View File

@@ -9,6 +9,7 @@ import (
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/ldaputil"
"github.com/hashicorp/vault/sdk/logical"
@@ -96,7 +97,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
if b.Logger().IsDebug() {
b.Logger().Debug("error getting user bind DN", "error", err)
}
return "", nil, logical.ErrorResponse(errUserBindFailed), nil, nil
return "", nil, logical.ErrorResponse(errUserBindFailed), nil, logical.ErrInvalidCredentials
}
if b.Logger().IsDebug() {

13
builtin/credential/ldap/path_login.go
View File

@@ -83,17 +83,8 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
password := d.Get("password").(string)
effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias)
// Handle an internal error
if err != nil {
return nil, err
}
if resp != nil {
// Handle a logical error
if resp.IsError() {
return resp, nil
}
} else {
resp = &logical.Response{}
if err != nil || (resp != nil && resp.IsError()) {
return resp, err
}
auth := &logical.Auth{

3
changelog/21282.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:change
auth/ldap: Normalize HTTP response codes when invalid credentials are provided
```

5
vault/request_handling.go
View File

@@ -21,6 +21,8 @@ import (
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/go-uuid"
uberAtomic "go.uber.org/atomic"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/identity"
"github.com/hashicorp/vault/helper/identity/mfa"
@@ -36,7 +38,6 @@ import (
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault/quotas"
"github.com/hashicorp/vault/vault/tokens"
uberAtomic "go.uber.org/atomic"
)
const (
@@ -1406,7 +1407,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
return nil, nil, err
}
}
return nil, nil, resp.Error()
return resp, nil, routeErr
}
if resp != nil {