backport of commit 5b41148bfcfd305991c19998f6d04ca8880da137 (#21488)
This commit is contained in:
parent
c97ada6e49
commit
9310e3acba
|
@ -9,6 +9,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/hashicorp/go-secure-stdlib/strutil"
|
"github.com/hashicorp/go-secure-stdlib/strutil"
|
||||||
|
|
||||||
"github.com/hashicorp/vault/sdk/framework"
|
"github.com/hashicorp/vault/sdk/framework"
|
||||||
"github.com/hashicorp/vault/sdk/helper/ldaputil"
|
"github.com/hashicorp/vault/sdk/helper/ldaputil"
|
||||||
"github.com/hashicorp/vault/sdk/logical"
|
"github.com/hashicorp/vault/sdk/logical"
|
||||||
|
@ -96,7 +97,7 @@ func (b *backend) Login(ctx context.Context, req *logical.Request, username stri
|
||||||
if b.Logger().IsDebug() {
|
if b.Logger().IsDebug() {
|
||||||
b.Logger().Debug("error getting user bind DN", "error", err)
|
b.Logger().Debug("error getting user bind DN", "error", err)
|
||||||
}
|
}
|
||||||
return "", nil, logical.ErrorResponse(errUserBindFailed), nil, nil
|
return "", nil, logical.ErrorResponse(errUserBindFailed), nil, logical.ErrInvalidCredentials
|
||||||
}
|
}
|
||||||
|
|
||||||
if b.Logger().IsDebug() {
|
if b.Logger().IsDebug() {
|
||||||
|
|
|
@ -83,17 +83,8 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
|
||||||
password := d.Get("password").(string)
|
password := d.Get("password").(string)
|
||||||
|
|
||||||
effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias)
|
effectiveUsername, policies, resp, groupNames, err := b.Login(ctx, req, username, password, cfg.UsernameAsAlias)
|
||||||
// Handle an internal error
|
if err != nil || (resp != nil && resp.IsError()) {
|
||||||
if err != nil {
|
return resp, err
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
if resp != nil {
|
|
||||||
// Handle a logical error
|
|
||||||
if resp.IsError() {
|
|
||||||
return resp, nil
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
resp = &logical.Response{}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
auth := &logical.Auth{
|
auth := &logical.Auth{
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:change
|
||||||
|
auth/ldap: Normalize HTTP response codes when invalid credentials are provided
|
||||||
|
```
|
|
@ -21,6 +21,8 @@ import (
|
||||||
"github.com/hashicorp/go-secure-stdlib/strutil"
|
"github.com/hashicorp/go-secure-stdlib/strutil"
|
||||||
"github.com/hashicorp/go-sockaddr"
|
"github.com/hashicorp/go-sockaddr"
|
||||||
"github.com/hashicorp/go-uuid"
|
"github.com/hashicorp/go-uuid"
|
||||||
|
uberAtomic "go.uber.org/atomic"
|
||||||
|
|
||||||
"github.com/hashicorp/vault/command/server"
|
"github.com/hashicorp/vault/command/server"
|
||||||
"github.com/hashicorp/vault/helper/identity"
|
"github.com/hashicorp/vault/helper/identity"
|
||||||
"github.com/hashicorp/vault/helper/identity/mfa"
|
"github.com/hashicorp/vault/helper/identity/mfa"
|
||||||
|
@ -36,7 +38,6 @@ import (
|
||||||
"github.com/hashicorp/vault/sdk/logical"
|
"github.com/hashicorp/vault/sdk/logical"
|
||||||
"github.com/hashicorp/vault/vault/quotas"
|
"github.com/hashicorp/vault/vault/quotas"
|
||||||
"github.com/hashicorp/vault/vault/tokens"
|
"github.com/hashicorp/vault/vault/tokens"
|
||||||
uberAtomic "go.uber.org/atomic"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -1408,7 +1409,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil, nil, resp.Error()
|
return resp, nil, routeErr
|
||||||
}
|
}
|
||||||
|
|
||||||
if resp != nil {
|
if resp != nil {
|
||||||
|
|
Loading…
Reference in New Issue