il y a 4 ans · eda8309a04
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@@ -35,7 +35,7 @@ class Auth(auth.BaseAuth):
 
				     _ldap_secret: str
			
 
				     _ldap_filter: str
			
 
				     _ldap_load_groups: bool
			
 
				-    _ldap_groups = []
			
 
				+    _ldap_groups = set
			
 
				 
			
 
				     def __init__(self, configuration: config.Configuration) -> None:
			
 
				         super().__init__(configuration)
			
@@ -77,10 +77,12 @@ class Auth(auth.BaseAuth):
 
				             conn.protocol_version = 3
			
 
				             conn.set_option(ldap.OPT_REFERRALS, 0)
			
 
				             conn.simple_bind_s(user_dn,password)
			
 
				+            tmp = []
			
 
				             if self._ldap_load_groups:
			
 
				-                self._ldap_groups = []
			
 
				+                tmp = []
			
 
				                 for t in res[0][1]['memberOf']:
			
 
				-                    self._ldap_groups.append(t.decode('utf-8').split(',')[0][3:])
			
 
				+                    tmp.append(t.decode('utf-8').split(',')[0][3:])
			
 
				+                self._ldap_groups = set(tmp)
			
 
				                 logger.debug("LDAP Auth groups of user: %s",",".join(self._ldap_groups))
			
 
				             conn.unbind()
			
 
				             return login
			
--- a/radicale/rights/from_file.py
+++ b/radicale/rights/from_file.py
@@ -44,30 +44,42 @@ from radicale.log import logger
 
				 class Rights(rights.BaseRights):
			
 
				 
			
 
				     _filename: str
			
 
				+    _rights_config
			
 
				 
			
 
				     def __init__(self, configuration: config.Configuration) -> None:
			
 
				         super().__init__(configuration)
			
 
				         self._filename = configuration.get("rights", "file")
			
 
				+        _rights_config = configparser.ConfigParser()
			
 
				+        try:
			
 
				+            with open(self._filename, "r") as f:
			
 
				+                _rights_config.read_file(f)
			
 
				+        except Exception as e:
			
 
				+            raise RuntimeError("Failed to load rights file %r: %s" %
			
 
				+                               (self._filename, e)) from e
			
 
				 
			
 
				     def authorization(self, user: str, path: str) -> str:
			
 
				         user = user or ""
			
 
				         sane_path = pathutils.strip_path(path)
			
 
				         # Prevent "regex injection"
			
 
				         escaped_user = re.escape(user)
			
 
				-        rights_config = configparser.ConfigParser()
			
 
				-        try:
			
 
				-            with open(self._filename, "r") as f:
			
 
				-                rights_config.read_file(f)
			
 
				-        except Exception as e:
			
 
				-            raise RuntimeError("Failed to load rights file %r: %s" %
			
 
				-                               (self._filename, e)) from e
			
 
				-        for section in rights_config.sections():
			
 
				+
			
 
				+        for section in _rights_config.sections():
			
 
				+            user_match       = False
			
 
				+            group_match      = []
			
 
				+            collection_match = False
			
 
				             try:
			
 
				-                user_pattern = rights_config.get(section, "user")
			
 
				-                collection_pattern = rights_config.get(section, "collection")
			
 
				+                collection_pattern = _rights_config.get(section, "collection")
			
 
				+                user_pattern = _rights_config.get(section, "user", fallback = "")
			
 
				+                groups = _rights_config.get(section, "groups", fallback = "").split(",")
			
 
				+
			
 
				+                try:
			
 
				+                    group_match = self._auth._ldap_groups & set(groups)
			
 
				+                except NameError:
			
 
				+                    pass
			
 
				+
			
 
				                 # Use empty format() for harmonized handling of curly braces
			
 
				                 user_match = re.fullmatch(user_pattern.format(), user)
			
 
				-                collection_match = user_match and re.fullmatch(
			
 
				+                collection_match = re.fullmatch(
			
 
				                     collection_pattern.format(
			
 
				                         *(re.escape(s) for s in user_match.groups()),
			
 
				                         user=escaped_user), sane_path)
			
@@ -75,10 +87,15 @@ class Rights(rights.BaseRights):
 
				                 raise RuntimeError("Error in section %r of rights file %r: "
			
 
				                                    "%s" % (section, self._filename, e)) from e
			
 
				             if user_match and collection_match:
			
 
				-                logger.debug("Rule %r:%r matches %r:%r from section %r",
			
 
				+                logger.debug("User rule %r:%r matches %r:%r from section %r",
			
 
				                              user, sane_path, user_pattern,
			
 
				                              collection_pattern, section)
			
 
				-                return rights_config.get(section, "permissions")
			
 
				+                return _rights_config.get(section, "permissions")
			
 
				+            if len(group_match) > 0 and collection_match:
			
 
				+                logger.debug("Group rule %r:%r matches %r from section %r",
			
 
				+                             group_match, sane_path,
			
 
				+                             collection_pattern, section)
			
 
				+                return _rights_config.get(section, "permissions")
			
 
				             logger.debug("Rule %r:%r doesn't match %r:%r from section %r",
			
 
				                          user, sane_path, user_pattern, collection_pattern,
			
 
				                          section)