File fix-salt-ldap-auth-bsc-60493.patch of Package salt
# This is a modified version of the upstream patch
# Stripped out test suite patches + resolved conflicts in salt/netapi/rest_cherrypy/app.py
# Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
From f1e18048a8062aa00d50dd554df2317de15bbafa Mon Sep 17 00:00:00 2001
From: Pedro Algarvio <pedro@algarvio.me>
Date: Wed, 14 Jul 2021 15:52:41 +0100
Subject: [PATCH 1/2] Factor out sum and sorting of permissions into separate functions. Fixes #56495 Additionally, the same logic was applied to the rest_cherrypy netapi
---
 changelog/56495.fixed | 2 +
 salt/netapi/__init__.py | 34 ++
 salt/netapi/rest_cherrypy/app.py | 14 +-
 salt/netapi/rest_tornado/saltnado.py | 14 +-
 tests/filename_map.yml | 10 +-
 tests/pytests/functional/netapi/conftest.py | 2 +-
 .../test_external_auth_syntax.py | 299 +++++++++++++++++
 .../rest_tornado/test_external_auth_syntax.py | 307 ++++++++++++++++++
 8 files changed, 653 insertions(+), 29 deletions(-)
 create mode 100644 changelog/56495.fixed
 create mode 100644 tests/pytests/functional/netapi/rest_cherrypy/test_external_auth_syntax.py
 create mode 100644 tests/pytests/functional/netapi/rest_tornado/test_external_auth_syntax.py
diff --git a/changelog/56495.fixed b/changelog/56495.fixed
new file mode 100644
index 000000000000..ba43c84bcc75
--- /dev/null
+++ b/changelog/56495.fixed
@@ -0,0 +1,2 @@
+Factor out sum and sorting of permissions into separate functions.
+Additionally, the same logic was applied to the rest_cherrypy netapi
diff --git a/salt/netapi/__init__.py b/salt/netapi/__init__.py
index b54334561e21..7127dc2b3c8c 100644
--- a/salt/netapi/__init__.py
+++ b/salt/netapi/__init__.py
@@ -24,6 +24,40 @@ log = logging.getLogger(__name__)
+def sorted_permissions(perms):
+ """
+ Return a sorted list of the passed in permissions, de-duplicating in the process
+ """
+ _str_perms = []
+ _non_str_perms = []
+ for entry in perms:
+ if isinstance(entry, str):
+ if entry in _str_perms:
+ continue
+ _str_perms.append(entry)
+ continue
+ if entry in _non_str_perms:
+ continue
+ _non_str_perms.append(entry)
+ return sorted(_str_perms) + sorted(_non_str_perms, key=repr)
+
+
+def sum_permissions(token, eauth):
+ """
+ Returns the sum of '*', user-specific and group specific permissions
+ """
+ perms = eauth.get(token["name"], [])
+ perms.extend(eauth.get("*", []))
+
+ if "groups" in token and token["groups"]:
+ user_groups = set(token["groups"])
+ eauth_groups = {i.rstrip("%") for i in eauth.keys() if i.endswith("%")}
+
+ for group in user_groups & eauth_groups:
+ perms.extend(eauth["{}%".format(group)])
+ return perms
+
+
 class NetapiClient:
 """
 Provide a uniform method of accessing the various client interfaces in Salt
--- a/salt/netapi/rest_cherrypy/app.py 2023-01-27 22:24:23.182466851 +0100
+++ b/salt/netapi/rest_cherrypy/app.py 2023-01-27 22:25:19.842774598 +0100
@@ -1888,18 +1888,8 @@
 if token["eauth"] == "django" and "^model" in eauth:
 perms = token["auth_list"]
 else:
- # Get sum of '*' perms, user-specific perms, and group-specific perms
- perms = eauth.get(token["name"], [])
- perms.extend(eauth.get("*", []))
-
- if "groups" in token and token["groups"]:
- user_groups = set(token["groups"])
- eauth_groups = {
- i.rstrip("%") for i in eauth.keys() if i.endswith("%")
- }
-
- for group in user_groups & eauth_groups:
- perms.extend(eauth["{}%".format(group)])
+ perms = salt.netapi.sum_permissions(token, eauth)
+ perms = salt.netapi.sorted_permissions(perms)
 if not perms:
 logger.debug("Eauth permission list not found.")
diff --git a/salt/netapi/rest_tornado/saltnado.py b/salt/netapi/rest_tornado/saltnado.py
index 7e9330c321d1..f6d6511f8104 100644
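Review bot: `sum_permissions` extends the list returned by `eauth.get(token["name"], [])`, so when the user has an entry the `"*"` and group permissions are appended to that configuration list itself rather than to a copy. The tornado call site in this patch passes `self.application.opts["external_auth"][token["eauth"]]` directly, so the user's entry would grow on every request and would keep a group's permissions after the token no longer carries that group, until the process restarts. `sorted_permissions` removes the duplicates from the returned value but does not undo the change to the options. Copying first avoids this: `perms = list(eauth.get(token["name"], []))`. The removed inline code at both call sites had the same pattern, so this is inherited rather than introduced, and the cherrypy call site is presumably affected the same way if its `eauth` is also a reference into the options.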
--- a/salt/netapi/rest_tornado/saltnado.py
+++ b/salt/netapi/rest_tornado/saltnado.py
@@ -756,18 +756,8 @@ def post(self): # pylint: disable=arguments-differ
 # Grab eauth config for the current backend for the current user
 try:
 eauth = self.application.opts["external_auth"][token["eauth"]]
- # Get sum of '*' perms, user-specific perms, and group-specific perms
- perms = eauth.get(token["name"], [])
- perms.extend(eauth.get("*", []))
-
- if "groups" in token and token["groups"]:
- user_groups = set(token["groups"])
- eauth_groups = {i.rstrip("%") for i in eauth.keys() if i.endswith("%")}
-
- for group in user_groups & eauth_groups:
- perms.extend(eauth["{}%".format(group)])
-
- perms = sorted(list(set(perms)))
+ perms = salt.netapi.sum_permissions(token, eauth)
+ perms = salt.netapi.sorted_permissions(perms)
 # If we can't find the creds, then they aren't authorized
 except KeyError:
 self.send_error(401)