diff options
| author | Zuul <zuul@review.opendev.org> | 2020-08-24 19:29:09 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2020-08-24 19:29:09 +0000 |
| commit | 73b325c836dd4a5bb719a719879966a6b3276326 (patch) | |
| tree | 494b5603950266a704d29893d5c98d1c01f5b3a5 | |
| parent | c36d015d4162d0e7ccd54063317895b663a1f45c (diff) | |
| parent | 8bf222ac5d390e25d306d35f69bd958b18bee4d8 (diff) | |
| download | keystone-73b325c836dd4a5bb719a719879966a6b3276326.tar.gz | |
Merge "Properly handle octet (byte) strings when converting LDAP responses"
| -rw-r--r-- | keystone/identity/backends/ldap/common.py | 12 | ||||
| -rw-r--r-- | keystone/tests/unit/identity/backends/test_ldap_common.py | 14 | ||||
| -rw-r--r-- | releasenotes/notes/bug-1889936-78d6853b5212b8f1.yaml | 5 |
3 files changed, 30 insertions, 1 deletions
diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py index 91e071335..d819467d9 100644 --- a/keystone/identity/backends/ldap/common.py +++ b/keystone/identity/backends/ldap/common.py @@ -18,6 +18,7 @@ import functools import os.path import re import sys +import uuid import weakref import ldap.controls @@ -93,7 +94,16 @@ def utf8_decode(value): :raises UnicodeDecodeError: for invalid UTF-8 encoding """ if isinstance(value, bytes): - return _utf8_decoder(value)[0] + try: + return _utf8_decoder(value)[0] + except UnicodeDecodeError: + # NOTE(lbragstad): We could be dealing with a UUID in byte form, + # which some LDAP implementations use. + uuid_byte_string_length = 16 + if len(value) == uuid_byte_string_length: + return str(uuid.UUID(bytes_le=value)) + else: + raise return str(value) diff --git a/keystone/tests/unit/identity/backends/test_ldap_common.py b/keystone/tests/unit/identity/backends/test_ldap_common.py index 029ded643..6674d9e14 100644 --- a/keystone/tests/unit/identity/backends/test_ldap_common.py +++ b/keystone/tests/unit/identity/backends/test_ldap_common.py @@ -520,6 +520,20 @@ class CommonLdapTestCase(unit.BaseTestCase): # The user name should still be a string value. self.assertEqual(user_name, py_result[0][1]['user_name'][0]) + def test_user_id_attribute_is_uuid_in_byte_form(self): + results = [( + 'cn=alice,dc=example,dc=com', + { + 'cn': [b'cn=alice'], + 'objectGUID': [b'\xdd\xd8Rt\xee]bA\x8e(\xe39\x0b\xe1\xf8\xe8'], + 'email': [uuid.uuid4().hex], + 'sn': [uuid.uuid4().hex] + } + )] + py_result = common_ldap.convert_ldap_result(results) + exp_object_guid = '7452d8dd-5dee-4162-8e28-e3390be1f8e8' + self.assertEqual(exp_object_guid, py_result[0][1]['objectGUID'][0]) + class LDAPFilterQueryCompositionTest(unit.BaseTestCase): """These test cases test LDAP filter generation.""" diff --git a/releasenotes/notes/bug-1889936-78d6853b5212b8f1.yaml b/releasenotes/notes/bug-1889936-78d6853b5212b8f1.yaml new file mode 100644 index 000000000..de96b27f7 --- /dev/null +++ b/releasenotes/notes/bug-1889936-78d6853b5212b8f1.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + [`bug 1889936 <https://bugs.launchpad.net/keystone/+bug/1889936>`_] + Properly decode octet strings, or byte arrays, returned from LDAP. |