Module: check_mk
Branch: master
Commit: 56b059ad1c99ba08a2bc964b51453ecd14ad15ee
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=56b059ad1c99ba…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Aug 29 16:48:04 2018 +0200
6453 FIX LDAP: Users with non-ASCII characters in uid could be created incorrectly
When LDAP users with non-ASCII characters in their user ID are not created by the
LDAP sync but during first login, the user data set was stored in a wrong way
(wrong encoded user ID). This could lead to exceptions when the user tried to
login or when an admin tried to work with the user database.
Change-Id: Iea9ba97ec3146435640341e469cc93226fcfce41
---
.werks/6453 | 14 ++++++++++++++
cmk/gui/plugins/userdb/ldap_connector.py | 2 +-
cmk/gui/userdb.py | 8 ++++++++
3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/.werks/6453 b/.werks/6453
new file mode 100644
index 0000000..2b1558f
--- /dev/null
+++ b/.werks/6453
@@ -0,0 +1,14 @@
+Title: LDAP: Users with non-ASCII characters in uid could be created incorrectly
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1535275947
+
+When LDAP users with non-ASCII characters in their user ID are not created by the
+LDAP sync but during first login, the user data set was stored in a wrong way
+(wrong encoded user ID). This could lead to exceptions when the user tried to
+login or when an admin tried to work with the user database.
diff --git a/cmk/gui/plugins/userdb/ldap_connector.py
b/cmk/gui/plugins/userdb/ldap_connector.py
index ffa0d47..bed2629 100644
--- a/cmk/gui/plugins/userdb/ldap_connector.py
+++ b/cmk/gui/plugins/userdb/ldap_connector.py
@@ -957,7 +957,7 @@ class LDAPUserConnector(UserConnector):
# authentication which should be rebound again after trying this.
try:
self.bind(user_dn, password)
- result = user_id.encode('utf-8')
+ result = user_id
except:
self._logger.exception(" Exception during authentication (User:
%s)", user_id)
result = False
diff --git a/cmk/gui/userdb.py b/cmk/gui/userdb.py
index f63b282..108e01b 100644
--- a/cmk/gui/userdb.py
+++ b/cmk/gui/userdb.py
@@ -586,6 +586,10 @@ def load_users(lock = False):
# will be added later as normal users.
result = {}
for id, user in users.items():
+ # Transform user IDs which were stored with a wrong type
+ if isinstance(id, str):
+ id = id.decode("utf-8")
+
profile = contacts.get(id, {})
profile.update(user)
result[id] = profile
@@ -598,6 +602,10 @@ def load_users(lock = False):
# contacts.mk manually. But we want to support that as
# far as possible.
for id, contact in contacts.items():
+ # Transform user IDs which were stored with a wrong type
+ if isinstance(id, str):
+ id = id.decode("utf-8")
+
if id not in result:
result[id] = contact
result[id]["roles"] = [ "user" ]