git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Ernesto Puerta <epuertat@redhat.com>
	Fri, 23 Aug 2019 11:45:45 +0000 (13:45 +0200)
committer	Ernesto Puerta <epuertat@redhat.com>
	Fri, 23 Aug 2019 12:35:06 +0000 (14:35 +0200)
commit	ff4fb0fbbdedc70807a2e4b475d22bf3b2f04683
tree	db102e4490d2fee0e6d512f9de4709378ae82302	tree \| snapshot
parent	d373178c4305c71a9f180dc6aef9ebb16fb55d6f	commit \| diff

mgr/dashboard: fix SAML input argument handling

Currently dashboard provides a Ceph command to specify location or
contents of SAML2 IdP XML (`idp_metadata` argument). This loose
interface is implemented by trying to:
- First, opens HTTPS connection to whatever that argument contains (it
might be a proper remote URL, a local file or XML contents).
- Then, tries to open the local file
- Finally, assumes the input argument is an XML and proceeds to parse
it.

However, as the XML can have an undefined length, when fed as a filename
it results in FreeBSD raising a OSError exception (`Max filename length
exceeded`, 1K). This essentially means that this handling results in
unexpected behaviour, as it pushes the validation & error handling to
the underlying methods.

In this fix, some preliminary validation is performed. Especifically:
- Is the input argument a potential filename?
- Is the input argument complying with URL syntax?

Only if the above checks fail, the input argument is fed into the XML
parser.

Additionally, previous syntax is deprecated, so now, `idp_metadata`
enforces 2 syntaxes:
- Raw XML contents
- URL specification (http, https, and file schemas accepted). For local
file, URL 'file://<path>' should be used instead.

Fixes: https://tracker.ceph.com/issues/41358
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>

doc/mgr/dashboard.rst		diff \| blob \| history
src/pybind/mgr/dashboard/services/sso.py		diff \| blob \| history