gitblit icon indicating copy to clipboard operation
gitblit copied to clipboard
verified publisher icon gitblit-org

Fixes #1079: user+domain submitted in different formats resolves to different user accounts when Windows authentication is used.

Open fthevenet opened this issue 9 years ago • 0 comments

- Fixes #1079: user+domain submitted in different formats resolves to different user accounts when Windows authentication is used. As explain in referenced issue.

- Added a utility class that helps build and represent a valid set of Windows logon info. Used to help parse and validate user provided credentials in whatever supported format and resolve to the same identity. Tests for this class are provided.

- New property "realm.windows.allowMultipleDomainAuthentication": Allow or prohibit login with a user from a different domain than the specified defaultDomain. While addressing the simple parsing issue mentioned above, it appeared to me that the user model is not rich enough to properly support the notion of multiple domains. That means that if one wants to be able to distinguish two users with the same handle but registered in two different domains (and I think that one might ;-) ), it is necessary to craft a gitblit user account name that contains the domain in order to lift any ambiguity. The fact that that piece of data is used as a key in the internal user db (user.conf), also as the root for private repos (with the ~ prefix) which ultimately must be resolved as a file system path, and that it can be part of a git url, seriously limits the choices of characters that can be used as a separator in between the domain and the user name. Both conventional formats, domain\user and user@domain are out, as they either cause invalid FS path or urls, so I opted for domain_user. But recognizing that this looks kind of awkward and that for most multiple domain support might not be a requirement (also it could break existing scripts that explicitly populate users.conf), I opted to make that behavior optional:

  • With "realm.windows.allowMultipleDomainAuthentication" set to false, then a default domain name must be provided, and only users from that domain will be able to login. Disambiguation is therefore useless, so the bare username is used as a key in users.conf, and everything looks nice. (default behavior)
  • if "realm.windows.allowMultipleDomainAuthentication" is set to true, then user accounts are identified as "domain_user".

With all that said, I think that this is only a stop gap solution and that what's really needed is an evolution of the usermodel as well as a refactoring of how root folder for private repos are handled. I'd argue that this is especially needed as the issues here are most likely to appear also when using LDAP authentication or any auth scheme that support a similar notion to domains.

fthevenet avatar May 20 '16 09:05 fthevenet