gandc/lldap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

server, refactor: Add a conversion from bool for the filters

Browse Source
This commit is contained in:
Valentin Tolmer
2023-01-17 14:43:37 +01:00
committed by nitnelave
parent 807fd10d13
commit 9018e6fa34
4 changed files with 87 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/src/domain/handler.rs
View File

@@ -27,6 +27,16 @@ pub enum UserRequestFilter {
MemberOfId(GroupId),
}
impl From<bool> for UserRequestFilter {
fn from(val: bool) -> Self {
if val {
Self::And(vec![])
} else {
Self::Not(Box::new(Self::And(vec![])))
}
}
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone)]
pub enum GroupRequestFilter {
And(Vec<GroupRequestFilter>),
@@ -39,6 +49,16 @@ pub enum GroupRequestFilter {
Member(UserId),
}
impl From<bool> for GroupRequestFilter {
fn from(val: bool) -> Self {
if val {
Self::And(vec![])
} else {
Self::Not(Box::new(Self::And(vec![])))
}
}
}
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize, Clone, Default)]
pub struct CreateUserRequest {
// Same fields as User, but no creation_date, and with password.

54
server/src/domain/ldap/group.rs
View File

@@ -121,25 +121,20 @@ fn convert_group_filter(
)?;
Ok(GroupRequestFilter::Member(user_name))
}
"objectclass" => match value.as_str() {
"groupofuniquenames" | "groupofnames" => Ok(GroupRequestFilter::And(vec![])),
_ => Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(
vec![],
)))),
},
"dn" => Ok(
match get_group_id_from_distinguished_name(
value.to_ascii_lowercase().as_str(),
&ldap_info.base_dn,
&ldap_info.base_dn_str,
) {
Ok(value) => GroupRequestFilter::DisplayName(value),
Err(_) => {
warn!("Invalid dn filter on group: {}", value);
GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(vec![])))
}
},
),
"objectclass" => Ok(GroupRequestFilter::from(matches!(
value.as_str(),
"groupofuniquenames" | "groupofnames"
))),
"dn" => Ok(get_group_id_from_distinguished_name(
value.to_ascii_lowercase().as_str(),
&ldap_info.base_dn,
&ldap_info.base_dn_str,
)
.map(GroupRequestFilter::DisplayName)
.unwrap_or_else(|_| {
warn!("Invalid dn filter on group: {}", value);
GroupRequestFilter::from(false)
})),
_ => match map_group_field(field) {
Some(GroupColumn::DisplayName) => {
Ok(GroupRequestFilter::DisplayName(value.to_string()))
@@ -158,9 +153,7 @@ fn convert_group_filter(
field
);
}
Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(
vec![],
))))
Ok(GroupRequestFilter::from(false))
}
},
}
@@ -174,17 +167,12 @@ fn convert_group_filter(
LdapFilter::Not(filter) => Ok(GroupRequestFilter::Not(Box::new(rec(filter)?))),
LdapFilter::Present(field) => {
let field = &field.to_ascii_lowercase();
if field == "objectclass"
|| field == "dn"
|| field == "distinguishedname"
|| map_group_field(field).is_some()
{
Ok(GroupRequestFilter::And(vec![]))
} else {
Ok(GroupRequestFilter::Not(Box::new(GroupRequestFilter::And(
vec![],
))))
}
Ok(GroupRequestFilter::from(
field == "objectclass"
|| field == "dn"
|| field == "distinguishedname"
|| map_group_field(field).is_some(),
))
}
_ => Err(LdapError {
code: LdapResultCode::UnwillingToPerform,

65
server/src/domain/ldap/user.rs
View File

@@ -134,35 +134,27 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
LdapFilter::Equality(field, value) => {
let field = &field.to_ascii_lowercase();
match field.as_str() {
"memberof" => {
let group_name = get_group_id_from_distinguished_name(
"memberof" => Ok(UserRequestFilter::MemberOf(
get_group_id_from_distinguished_name(
&value.to_ascii_lowercase(),
&ldap_info.base_dn,
&ldap_info.base_dn_str,
)?;
Ok(UserRequestFilter::MemberOf(group_name))
}
"objectclass" => match value.to_ascii_lowercase().as_str() {
"person" | "inetorgperson" | "posixaccount" | "mailaccount" => {
Ok(UserRequestFilter::And(vec![]))
}
_ => Ok(UserRequestFilter::Not(Box::new(UserRequestFilter::And(
vec![],
)))),
},
"dn" => Ok(
match get_user_id_from_distinguished_name(
value.to_ascii_lowercase().as_str(),
&ldap_info.base_dn,
&ldap_info.base_dn_str,
) {
Ok(value) => UserRequestFilter::UserId(value),
Err(_) => {
warn!("Invalid dn filter on user: {}", value);
UserRequestFilter::Not(Box::new(UserRequestFilter::And(vec![])))
}
},
),
)?,
)),
"objectclass" => Ok(UserRequestFilter::from(matches!(
value.to_ascii_lowercase().as_str(),
"person" | "inetorgperson" | "posixaccount" | "mailaccount"
))),
"dn" => Ok(get_user_id_from_distinguished_name(
value.to_ascii_lowercase().as_str(),
&ldap_info.base_dn,
&ldap_info.base_dn_str,
)
.map(UserRequestFilter::UserId)
.unwrap_or_else(|_| {
warn!("Invalid dn filter on user: {}", value);
UserRequestFilter::from(false)
})),
_ => match map_user_field(field) {
Some(UserColumn::UserId) => Ok(UserRequestFilter::UserId(UserId::new(value))),
Some(field) => Ok(UserRequestFilter::Equality(field, value.clone())),
@@ -174,9 +166,7 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
field
);
}
Ok(UserRequestFilter::Not(Box::new(UserRequestFilter::And(
vec![],
))))
Ok(UserRequestFilter::from(false))
}
},
}
@@ -184,17 +174,12 @@ fn convert_user_filter(ldap_info: &LdapInfo, filter: &LdapFilter) -> LdapResult<
LdapFilter::Present(field) => {
let field = &field.to_ascii_lowercase();
// Check that it's a field we support.
if field == "objectclass"
|| field == "dn"
|| field == "distinguishedname"
|| map_user_field(field).is_some()
{
Ok(UserRequestFilter::And(vec![]))
} else {
Ok(UserRequestFilter::Not(Box::new(UserRequestFilter::And(
vec![],
))))
}
Ok(UserRequestFilter::from(
field == "objectclass"
|| field == "dn"
|| field == "distinguishedname"
|| map_user_field(field).is_some(),
))
}
_ => Err(LdapError {
code: LdapResultCode::UnwillingToPerform,