1
0
mirror of https://github.com/minio/minio.git synced 2025-01-19 18:53:15 -05:00
Aditya Manthramurthy 5f78691fcf
ldap: Add user DN attributes list config param ()
This change uses the updated ldap library in minio/pkg (bumped
up to v3). A new config parameter is added for LDAP configuration to
specify extra user attributes to load from the LDAP server and to store
them as additional claims for the user.

A test is added in sts_handlers.go that shows how to access the LDAP
attributes as a claim.

This is in preparation for adding SSH pubkey authentication to MinIO's SFTP
integration.
2024-05-24 16:05:23 -07:00

233 lines
5.4 KiB
Go

// Copyright (c) 2015-2023 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package main
import (
"bufio"
"encoding/json"
"errors"
"flag"
"fmt"
"log"
"net/url"
"os"
"path/filepath"
"strings"
"syscall"
"github.com/minio/pkg/v3/ellipses"
)
type xl struct {
This string `json:"this"`
Sets [][]string `json:"sets"`
}
type format struct {
ID string `json:"id"`
XL xl `json:"xl"`
}
func getMountMap() (map[string]string, error) {
result := make(map[string]string)
mountInfo, err := os.Open("/proc/self/mountinfo")
if err != nil {
return nil, err
}
defer mountInfo.Close()
scanner := bufio.NewScanner(mountInfo)
for scanner.Scan() {
s := strings.Split(scanner.Text(), " ")
if len(s) != 11 {
return nil, errors.New("unsupported /proc/self/mountinfo format")
}
result[s[2]] = s[9]
}
if err := scanner.Err(); err != nil {
return nil, err
}
return result, nil
}
func getDiskUUIDMap() (map[string]string, error) {
result := make(map[string]string)
err := filepath.Walk("/dev/disk/by-uuid/",
func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
realPath, err := filepath.EvalSymlinks(path)
if err != nil {
return err
}
result[realPath] = strings.TrimPrefix(path, "/dev/disk/by-uuid/")
return nil
})
if err != nil {
return nil, err
}
return result, nil
}
type localDisk struct {
index int
path string
}
func getMajorMinor(path string) (string, error) {
var stat syscall.Stat_t
if err := syscall.Stat(path, &stat); err != nil {
return "", fmt.Errorf("unable to stat `%s`: %w", path, err)
}
devID := uint64(stat.Dev)
major := (devID & 0x00000000000fff00) >> 8
major |= (devID & 0xfffff00000000000) >> 32
minor := (devID & 0x00000000000000ff) >> 0
minor |= (devID & 0x00000ffffff00000) >> 12
return fmt.Sprintf("%d:%d", major, minor), nil
}
func filterLocalDisks(node, args string) ([]localDisk, error) {
var result []localDisk
argP, err := ellipses.FindEllipsesPatterns(args)
if err != nil {
return nil, err
}
exp := argP.Expand()
if node == "" {
for index, e := range exp {
result = append(result, localDisk{index: index, path: strings.Join(e, "")})
}
} else {
for index, e := range exp {
u, err := url.Parse(strings.Join(e, ""))
if err != nil {
return nil, err
}
if strings.Contains(u.Host, node) {
result = append(result, localDisk{index: index, path: u.Path})
}
}
}
return result, nil
}
func getFormatJSON(path string) (format, error) {
formatJSON, err := os.ReadFile(filepath.Join(path, ".minio.sys/format.json"))
if err != nil {
return format{}, err
}
var f format
err = json.Unmarshal(formatJSON, &f)
if err != nil {
return format{}, err
}
return f, nil
}
func getDiskLocation(f format) (string, error) {
for i, set := range f.XL.Sets {
for j, disk := range set {
if disk == f.XL.This {
return fmt.Sprintf("%d-%d", i, j), nil
}
}
}
return "", errors.New("format.json is corrupted")
}
func main() {
var node, args string
flag.StringVar(&node, "local-node-name", "", "the name of the local node")
flag.StringVar(&args, "args", "", "arguments passed to MinIO server")
flag.Parse()
localDisks, err := filterLocalDisks(node, args)
if err != nil {
log.Fatal(err)
}
if len(localDisks) == 0 {
log.Fatal("Fix --local-node-name or/and --args to select local disks.")
}
format, err := getFormatJSON(localDisks[0].path)
if err != nil {
log.Fatal(err)
}
setSize := len(format.XL.Sets[0])
expectedDisksName := make(map[string]string)
actualDisksName := make(map[string]string)
// Calculate the set/disk index
for _, disk := range localDisks {
expectedDisksName[fmt.Sprintf("%d-%d", disk.index/setSize, disk.index%setSize)] = disk.path
format, err := getFormatJSON(disk.path)
if err != nil {
log.Printf("Unable to read format.json from `%s`, error: %v\n", disk.path, err)
continue
}
foundDiskLoc, err := getDiskLocation(format)
if err != nil {
log.Printf("Unable to get disk location of `%s`, error: %v\n", disk.path, err)
continue
}
actualDisksName[foundDiskLoc] = disk.path
}
uuidMap, err := getDiskUUIDMap()
if err != nil {
log.Fatal("Unable to analyze UUID in /dev/disk/by-uuid/:", err)
}
mountMap, err := getMountMap()
if err != nil {
log.Fatal("Unable to parse /proc/self/mountinfo:", err)
}
for loc, expectedDiskName := range expectedDisksName {
diskName := actualDisksName[loc]
if diskName == "" {
log.Printf("skipping disk location `%s`, err: %v\n", diskName, err)
continue
}
mami, err := getMajorMinor(diskName)
if err != nil {
log.Printf("skipping `%s`, err: %v\n", diskName, err)
continue
}
devName := mountMap[mami]
uuid := uuidMap[devName]
fmt.Printf("UUID=%s\t%s\txfs\tdefaults,noatime\t0\t2\n", uuid, expectedDiskName)
}
}