LDAP authentication crashes on non-ASCII usernames and/or passwords
Bug #1213818 reported by
Morten Brekkevold
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Network Administration Visualized |
Fix Released
|
Medium
|
Morten Brekkevold | ||
3.15 |
Fix Released
|
Medium
|
Morten Brekkevold |
Bug Description
The LDAP authentication mechanism in NAV appears to encode the entered username and password unicode strings as ASCII when sending them to the LDAP server. This would fail miserably for any user with non-ASCII characters in their username or password.
Changed in nav: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Traceback looks like this on NAV 3.14:
Traceback (most recent call last):
File "/usr/lib/ pymodules/ python2. 6/django/ core/handlers/ base.py" , line 100, in get_response
response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/ pymodules/ python2. 6/nav/web/ webfront/ views.py" , line 91, in login
return do_login(request)
File "/usr/lib/ pymodules/ python2. 6/nav/web/ webfront/ views.py" , line 114, in do_login te(username, password)
account = auth.authentica
File "/usr/lib/ pymodules/ python2. 6/nav/web/ auth.py" , line 144, in authenticate authenticate( username, password)
auth = ldapauth.
File "/usr/lib/ pymodules/ python2. 6/nav/web/ ldapauth. py", line 124, in authenticate bind(password)
user.
File "/usr/lib/ pymodules/ python2. 6/nav/web/ ldapauth. py", line 177, in bind ldap.simple_ bind_s( user_dn, password)
self.
File "/usr/lib/ python2. 6/dist- packages/ ldap/ldapobject .py", line 206, in simple_bind_s bind(who, cred,serverctrl s,clientctrls)
msgid = self.simple_
File "/usr/lib/ python2. 6/dist- packages/ ldap/ldapobject .py", line 200, in simple_bind call(self. _l.simple_ bind,who, cred,EncodeCont rolTuples( serverctrls) ,EncodeControlT uples(clientctr ls))
return self._ldap_
File "/usr/lib/ python2. 6/dist- packages/ ldap/ldapobject .py", line 96, in _ldap_call **kwargs)
result = func(*args,
UnicodeEncodeError: 'ascii' codec can't encode character u'\xf8' in position 0: ordinal not in range(128)
<ModPythonRequest interfaces? netboxid= 29'], u'username': [u'zaphod'], u'password': [u'\xf8l\ xf8l\xf8l\ xe6\xf8\ xe6\xf8s\ xe5\xf8f' ]}>, {'nav_sessid' : 'REDACTED'} x-www-form- urlencoded' , INTERFACE' : 'CGI/1.1', application/ xhtml+xml, application/ xml;q=0. 9,*/*;q= 0.8', ACCEPT_ ENCODING' : 'gzip,deflate, sdch', ACCEPT_ LANGUAGE' : 'no,en- US;q=0. 8,en;q= 0.6', CACHE_CONTROL' : 'max-age=0', CONTENT_ LENGTH' : '129', CONTENT_ TYPE': 'application/ x-www-form- urlencoded' , REDACTED' , /nav.example. org', /nav.example. org/index/ login/? origin= /report/ interfaces% 3Fnetboxid% 3D29',
path:/index/login/,
GET:<QueryDict: {}>,
POST:<QueryDict: {u'origin': [u'/report/
COOKIES:
META:{'AUTH_TYPE': None,
'CONTENT_LENGTH': '129',
'CONTENT_TYPE': 'application/
'GATEWAY_
'HTTP_ACCEPT': 'text/html,
'HTTP_
'HTTP_
'HTTP_
'HTTP_CONNECTION': 'keep-alive',
'HTTP_
'HTTP_
'HTTP_COOKIE': 'nav_sessid=
'HTTP_DNT': '1',
'HTTP_HOST': 'nav.example.org',
'HTTP_ORIGIN': 'https:/
'HTTP_REFERER': 'https:/
'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36',
'PATH_INFO': u'/index/login/',
'PATH_TRANSLATED': None,
'QUERY_STRING': None,
'REMOTE_ADDR': 'REDACTED',
'REMOTE_HOST': None,
'REMOTE_IDENT': None,
'REMOTE_USER': None,
'REQUEST_METHOD': 'POST',
'SCRIPT_NAME': '',
'SERVER_NAME': 'nav.example.org',
'SERVER_PORT': 443,
'SERVER_PROTOCOL': 'HTTP/1.1',
'SERVER_SOFTWARE': 'mod_python'}>