Merge pull request #11709 from zmstone/0929-fix-ldap-query-crash-when-no-match-returned
0929 fix ldap query crash when no match returned
This commit is contained in:
Zaiming (Stone) Shi
GitHub
commit
c1ed798b69
|
|
@ -35,7 +35,7 @@
|
||||||
-define(EMQX_RELEASE_CE, "5.3.0").
|
-define(EMQX_RELEASE_CE, "5.3.0").
|
||||||
|
|
||||||
%% Enterprise edition
|
%% Enterprise edition
|
||||||
-define(EMQX_RELEASE_EE, "5.3.0-rc.1").
|
-define(EMQX_RELEASE_EE, "5.3.0-rc.2").
|
||||||
|
|
||||||
%% The HTTP API version
|
%% The HTTP API version
|
||||||
-define(EMQX_API_VERSION, "5.0").
|
-define(EMQX_API_VERSION, "5.0").
|
||||||
|
|
|
||||||
|
|
@ -1996,6 +1996,8 @@ trim_conninfo(ConnInfo) ->
|
||||||
%% NOTE
|
%% NOTE
|
||||||
%% We remove the peercert because it duplicates what's stored in the socket,
|
%% We remove the peercert because it duplicates what's stored in the socket,
|
||||||
%% otherwise it wastes about 1KB per connection.
|
%% otherwise it wastes about 1KB per connection.
|
||||||
|
%% Retrieve with: esockd_transport:peercert(Socket).
|
||||||
|
%% Decode with APIs exported from esockd_peercert and esockd_ssl
|
||||||
peercert
|
peercert
|
||||||
],
|
],
|
||||||
ConnInfo
|
ConnInfo
|
||||||
|
|
|
||||||
|
|
@ -135,11 +135,13 @@ login(
|
||||||
ensure_user_exists(Username);
|
ensure_user_exists(Username);
|
||||||
{ok, #{result := 'invalidCredentials'} = Reason} ->
|
{ok, #{result := 'invalidCredentials'} = Reason} ->
|
||||||
{error, Reason};
|
{error, Reason};
|
||||||
{error, _} = Error ->
|
{error, _Reason} ->
|
||||||
Error
|
%% All error reasons are logged in resource buffer worker
|
||||||
|
{error, ldap_bind_query_failed}
|
||||||
end;
|
end;
|
||||||
{error, _} = Error ->
|
{error, _Reason} ->
|
||||||
Error
|
%% All error reasons are logged in resource buffer worker
|
||||||
|
{error, ldap_query_failed}
|
||||||
end.
|
end.
|
||||||
|
|
||||||
ensure_user_exists(Username) ->
|
ensure_user_exists(Username) ->
|
||||||
|
|
|
||||||
|
|
@ -262,10 +262,12 @@ do_ldap_query(
|
||||||
ldap_connector_query_return,
|
ldap_connector_query_return,
|
||||||
#{result => Result}
|
#{result => Result}
|
||||||
),
|
),
|
||||||
case Result#eldap_search_result.entries of
|
Entries = Result#eldap_search_result.entries,
|
||||||
[_] = Entry ->
|
Count = length(Entries),
|
||||||
{ok, Entry};
|
case Count =< 1 of
|
||||||
[_ | _] = L ->
|
true ->
|
||||||
|
{ok, Entries};
|
||||||
|
false ->
|
||||||
%% Accept only a single exact match.
|
%% Accept only a single exact match.
|
||||||
%% Multiple matches likely indicate:
|
%% Multiple matches likely indicate:
|
||||||
%% 1. A misconfiguration in EMQX, allowing overly broad query conditions.
|
%% 1. A misconfiguration in EMQX, allowing overly broad query conditions.
|
||||||
|
|
@ -276,7 +278,7 @@ do_ldap_query(
|
||||||
error,
|
error,
|
||||||
LogMeta#{
|
LogMeta#{
|
||||||
msg => "ldap_query_found_more_than_one_match",
|
msg => "ldap_query_found_more_than_one_match",
|
||||||
count => length(L)
|
count => length(Entries)
|
||||||
}
|
}
|
||||||
),
|
),
|
||||||
{error, {unrecoverable_error, Msg}}
|
{error, {unrecoverable_error, Msg}}
|
||||||
|
|
|
||||||
|
|
@ -856,7 +856,7 @@ handle_query_result(Id, Result, HasBeenSent) ->
|
||||||
{ack | nack, function(), counters()}.
|
{ack | nack, function(), counters()}.
|
||||||
handle_query_result_pure(_Id, ?RESOURCE_ERROR_M(exception, Msg), _HasBeenSent) ->
|
handle_query_result_pure(_Id, ?RESOURCE_ERROR_M(exception, Msg), _HasBeenSent) ->
|
||||||
PostFn = fun() ->
|
PostFn = fun() ->
|
||||||
?SLOG(error, #{msg => "resource_exception", info => Msg}),
|
?SLOG(error, #{msg => "resource_exception", info => emqx_utils:redact(Msg)}),
|
||||||
ok
|
ok
|
||||||
end,
|
end,
|
||||||
{nack, PostFn, #{}};
|
{nack, PostFn, #{}};
|
||||||
|
|
|
||||||
|
|
@ -361,8 +361,9 @@ do_handle_action(RuleId, {bridge, BridgeType, BridgeName, ResId}, Selected, _Env
|
||||||
Result ->
|
Result ->
|
||||||
Result
|
Result
|
||||||
end;
|
end;
|
||||||
do_handle_action(RuleId, #{mod := Mod, func := Func, args := Args}, Selected, Envs) ->
|
do_handle_action(RuleId, #{mod := Mod, func := Func} = Action, Selected, Envs) ->
|
||||||
%% the function can also throw 'out_of_service'
|
%% the function can also throw 'out_of_service'
|
||||||
|
Args = maps:get(args, Action, []),
|
||||||
Result = Mod:Func(Selected, Envs, Args),
|
Result = Mod:Func(Selected, Envs, Args),
|
||||||
inc_action_metrics(RuleId, Result),
|
inc_action_metrics(RuleId, Result),
|
||||||
Result.
|
Result.
|
||||||
|
|
|
||||||
|
|
@ -14,8 +14,8 @@ type: application
|
||||||
|
|
||||||
# This is the chart version. This version number should be incremented each time you make changes
|
# This is the chart version. This version number should be incremented each time you make changes
|
||||||
# to the chart and its templates, including the app version.
|
# to the chart and its templates, including the app version.
|
||||||
version: 5.3.0-rc.1
|
version: 5.3.0-rc.2
|
||||||
|
|
||||||
# This is the version number of the application being deployed. This version number should be
|
# This is the version number of the application being deployed. This version number should be
|
||||||
# incremented each time you make changes to the application.
|
# incremented each time you make changes to the application.
|
||||||
appVersion: 5.3.0-rc.1
|
appVersion: 5.3.0-rc.2
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue