replace debug() with our custom logger
mostly we want trace() and log(). trace() can be enabled whenever we want by flipping a flag and restarting box
This commit is contained in:
Girish Ramakrishnan
@@ -4,7 +4,7 @@ import apps from './apps.js';
|
||||
import AuditSource from './auditsource.js';
|
||||
import BoxError from './boxerror.js';
|
||||
import constants from './constants.js';
|
||||
import debugModule from 'debug';
|
||||
import logger from './logger.js';
|
||||
import eventlog from './eventlog.js';
|
||||
import groups from './groups.js';
|
||||
import ldap from 'ldapjs';
|
||||
@@ -13,7 +13,7 @@ import safe from 'safetydance';
|
||||
import users from './users.js';
|
||||
import util from 'node:util';
|
||||
|
||||
const debug = debugModule('box:ldapserver');
|
||||
const { log, trace } = logger('ldapserver');
|
||||
|
||||
let _MOCK_APP = null;
|
||||
|
||||
@@ -142,7 +142,7 @@ function finalSend(results, req, res, next) {
|
||||
}
|
||||
|
||||
async function userSearch(req, res, next) {
|
||||
debug('user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
log('user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
const [error, result] = await safe(getUsersWithAccessToApp(req));
|
||||
if (error) return next(new ldap.OperationsError(error.message));
|
||||
@@ -195,7 +195,7 @@ async function userSearch(req, res, next) {
|
||||
}
|
||||
|
||||
async function groupSearch(req, res, next) {
|
||||
debug('group search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
log('group search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
const results = [];
|
||||
|
||||
@@ -230,7 +230,7 @@ async function groupSearch(req, res, next) {
|
||||
}
|
||||
|
||||
async function groupUsersCompare(req, res, next) {
|
||||
debug('group users compare: dn %s, attribute %s, value %s (from %s)', req.dn.toString(), req.attribute, req.value, req.connection.ldap.id);
|
||||
log('group users compare: dn %s, attribute %s, value %s (from %s)', req.dn.toString(), req.attribute, req.value, req.connection.ldap.id);
|
||||
|
||||
const [error, result] = await safe(getUsersWithAccessToApp(req));
|
||||
if (error) return next(new ldap.OperationsError(error.message));
|
||||
@@ -245,7 +245,7 @@ async function groupUsersCompare(req, res, next) {
|
||||
}
|
||||
|
||||
async function groupAdminsCompare(req, res, next) {
|
||||
debug('group admins compare: dn %s, attribute %s, value %s (from %s)', req.dn.toString(), req.attribute, req.value, req.connection.ldap.id);
|
||||
log('group admins compare: dn %s, attribute %s, value %s (from %s)', req.dn.toString(), req.attribute, req.value, req.connection.ldap.id);
|
||||
|
||||
const [error, result] = await safe(getUsersWithAccessToApp(req));
|
||||
if (error) return next(new ldap.OperationsError(error.message));
|
||||
@@ -260,7 +260,7 @@ async function groupAdminsCompare(req, res, next) {
|
||||
}
|
||||
|
||||
async function mailboxSearch(req, res, next) {
|
||||
debug('mailbox search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
log('mailbox search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
// if cn is set OR filter is mail= we only search for one mailbox specifically
|
||||
let email, dn;
|
||||
@@ -350,7 +350,7 @@ async function mailboxSearch(req, res, next) {
|
||||
}
|
||||
|
||||
async function mailAliasSearch(req, res, next) {
|
||||
debug('mail alias get: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
log('mail alias get: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError('Missing CN'));
|
||||
|
||||
@@ -389,7 +389,7 @@ async function mailAliasSearch(req, res, next) {
|
||||
}
|
||||
|
||||
async function mailingListSearch(req, res, next) {
|
||||
debug('mailing list get: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
log('mailing list get: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError('Missing CN'));
|
||||
|
||||
@@ -433,7 +433,7 @@ async function mailingListSearch(req, res, next) {
|
||||
|
||||
// Will attach req.user if successful
|
||||
async function authenticateUser(req, res, next) {
|
||||
debug('user bind: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
|
||||
log('user bind: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
|
||||
|
||||
const appId = req.app.id;
|
||||
|
||||
@@ -478,7 +478,7 @@ async function verifyMailboxPassword(mailbox, password) {
|
||||
}
|
||||
|
||||
async function authenticateSftp(req, res, next) {
|
||||
debug('sftp auth: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
|
||||
log('sftp auth: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
|
||||
|
||||
if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError('Missing CN'));
|
||||
|
||||
@@ -492,13 +492,13 @@ async function authenticateSftp(req, res, next) {
|
||||
const [verifyError] = await safe(users.verifyWithUsername(parts[0], req.credentials, app.id, { skipTotpCheck: true }));
|
||||
if (verifyError) return next(new ldap.InvalidCredentialsError(verifyError.message));
|
||||
|
||||
debug('sftp auth: success');
|
||||
log('sftp auth: success');
|
||||
|
||||
res.end();
|
||||
}
|
||||
|
||||
async function userSearchSftp(req, res, next) {
|
||||
debug('sftp user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
log('sftp user search: dn %s, scope %s, filter %s (from %s)', req.dn.toString(), req.scope, req.filter.toString(), req.connection.ldap.id);
|
||||
|
||||
if (req.filter.attribute !== 'username' || !req.filter.value) return next(new ldap.NoSuchObjectError());
|
||||
|
||||
@@ -556,7 +556,7 @@ async function verifyAppMailboxPassword(serviceId, username, password) {
|
||||
}
|
||||
|
||||
async function authenticateService(serviceId, dn, req, res, next) {
|
||||
debug(`authenticateService: ${req.dn.toString()} (from ${req.connection.ldap.id})`);
|
||||
log(`authenticateService: ${req.dn.toString()} (from ${req.connection.ldap.id})`);
|
||||
|
||||
if (!dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(dn.toString()));
|
||||
|
||||
@@ -608,7 +608,7 @@ async function authenticateMail(req, res, next) {
|
||||
// https://ldapwiki.com/wiki/RootDSE / RFC 4512 - ldapsearch -x -h "${CLOUDRON_LDAP_SERVER}" -p "${CLOUDRON_LDAP_PORT}" -b "" -s base
|
||||
// ldapjs seems to call this handler for everything when search === ''
|
||||
async function maybeRootDSE(req, res, next) {
|
||||
debug(`maybeRootDSE: requested with scope:${req.scope} dn:${req.dn.toString()}`);
|
||||
log(`maybeRootDSE: requested with scope:${req.scope} dn:${req.dn.toString()}`);
|
||||
|
||||
if (req.scope !== 'base') return next(new ldap.NoSuchObjectError()); // per the spec, rootDSE search require base scope
|
||||
if (!req.dn || req.dn.toString() !== '') return next(new ldap.NoSuchObjectError());
|
||||
@@ -633,16 +633,16 @@ async function start() {
|
||||
const logger = {
|
||||
trace: NOOP,
|
||||
debug: NOOP,
|
||||
info: debug,
|
||||
warn: debug,
|
||||
error: debug,
|
||||
fatal: debug
|
||||
info: log,
|
||||
warn: log,
|
||||
error: log,
|
||||
fatal: log
|
||||
};
|
||||
|
||||
gServer = ldap.createServer({ log: logger });
|
||||
|
||||
gServer.on('error', function (error) {
|
||||
debug('start: server error. %o', error);
|
||||
log('start: server error. %o', error);
|
||||
});
|
||||
|
||||
gServer.search('ou=users,dc=cloudron', authenticateApp, userSearch);
|
||||
@@ -670,14 +670,14 @@ async function start() {
|
||||
|
||||
// this is the bind for addons (after bind, they might search and authenticate)
|
||||
gServer.bind('ou=addons,dc=cloudron', function(req, res /*, next */) {
|
||||
debug('addons bind: %s', req.dn.toString()); // note: cn can be email or id
|
||||
log('addons bind: %s', req.dn.toString()); // note: cn can be email or id
|
||||
res.end();
|
||||
});
|
||||
|
||||
// this is the bind for apps (after bind, they might search and authenticate user)
|
||||
gServer.bind('ou=apps,dc=cloudron', function(req, res /*, next */) {
|
||||
// TODO: validate password
|
||||
debug('application bind: %s', req.dn.toString());
|
||||
log('application bind: %s', req.dn.toString());
|
||||
res.end();
|
||||
});
|
||||
|
||||
@@ -693,7 +693,7 @@ async function start() {
|
||||
|
||||
// just log that an attempt was made to unknown route, this helps a lot during app packaging
|
||||
gServer.use(function(req, res, next) {
|
||||
debug('not handled: dn %s, scope %s, filter %s (from %s)', req.dn ? req.dn.toString() : '-', req.scope, req.filter ? req.filter.toString() : '-', req.connection.ldap.id);
|
||||
log('not handled: dn %s, scope %s, filter %s (from %s)', req.dn ? req.dn.toString() : '-', req.scope, req.filter ? req.filter.toString() : '-', req.connection.ldap.id);
|
||||
return next();
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user