rundeck / rundeck

Enable Self-Service Operations: Give specific users access to your existing tools, services, and scripts
http://rundeck.org
Apache License 2.0

Docker JAAS config: generated config file should have quotes #6173

Closed gschueler closed 4 years ago

gschueler commented 4 years ago

Describe the bug

Some of the config values in the jaas-loginmodule.conf file are not quoted as they should be.

My Rundeck detail

To Reproduce

docker run -P -p 4440:4440 -e RUNDECK_GRAILS_URL=http://localhost:4440 \
-e RUNDECK_JAAS_MODULES_0=JettyCombinedLdapLoginModule \
-e RUNDECK_JAAS_MODULES_1=PropertyFileLoginModule \
-e RUNDECK_JAAS_LDAP_FLAG=sufficient \
-e RUNDECK_JAAS_LDAP_PROVIDERURL=ldap://test \
-e RUNDECK_JAAS_LDAP_BINDDN=cn=bindcn \
-e RUNDECK_JAAS_LDAP_BINDPASSWORD=bindpasswd \
-e RUNDECK_JAAS_LDAP_USERBASEDN=userbasedn \
-e RUNDECK_JAAS_LDAP_ROLEBASEDN=rolebasedn \
-e RUNDECK_JAAS_LDAP_IGNOREROLES=ignoreroles \
-e RUNDECK_JAAS_LDAP_STOREPASS=storepass \
-e RUNDECK_JAAS_LDAP_CLEARPASS=clearpass \
-e RUNDECK_JAAS_LDAP_USEFIRSTPASS=usefirstpass \
-e RUNDECK_JAAS_LDAP_TRYFIRSTPASS=tryfirstpass \
-e RUNDECK_JAAS_LDAP_USERLASTNAMEATTRIBUTE=userlastnameattr \
-e RUNDECK_JAAS_LDAP_USERFIRSTNAMEATTRIBUTE=userfirstnameattr \
-e RUNDECK_JAAS_LDAP_USEREMAILATTRIBUTE=useremailattribute \
-e RUNDECK_JAAS_LDAP_NESTEDGROUPS=nestedgroups \
rundeck/rundeck:SNAPSHOT

The JettyCachingLdapLoginModule config options in jaas-loginmodule.conf need to all be quoted, but not all of them are:

output:

rundeck {
     com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule sufficient
         debug="true"
         contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
         providerUrl="ldap://test"
         bindDn="cn=bindcn"
 bindPassword="bindpasswd"
         authenticationMethod="simple"
         forceBindingLogin="true"
         forceBindingLoginUseRootContextForRoles="true"
         userBaseDn="userbasedn"
         userRdnAttribute="cn"
         userIdAttribute="cn"
         userPasswordAttribute="userPassword"
         userObjectClass="person"
         roleBaseDn="rolebasedn"
         roleNameAttribute="cn"
         roleMemberAttribute="uniqueMember"
         roleObjectClass="groupOfUniqueNames"
         rolePrefix=""
         cacheDurationMillis="600000"
         reportStatistics="true"
 ignoreRoles=ignoreroles
 storePass=storepass
 clearPass=clearpass
 useFirstPass=usefirstpass
 tryFirstPass=tryfirstpass
 userLastNameAttribute=userlastnameattr
 userFirstNameAttribute=userfirstnameattr
 userEmailAttribute=useremailattribute
 nestedGroups=nestedgroups
      ;
      org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
         debug="true"
         file="/home/rundeck/server/config/realm.properties";
   };

Note "ignoreRoles=ignoreRoles" etc.

Expected behavior

Option values need to be quoted

Additional context

reference https://docs.oracle.com/javase/8/docs/api/javax/security/auth/login/Configuration.html

gschueler commented 4 years ago

dupe of #5731
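
A lint for the condition reported in this issue, as an added example that is not Rundeck's code: it tokenizes a JAAS login configuration and lists every option whose value is not double-quoted. The sample input is constructed (abridged from the generated file quoted above), and `unquoted_options` is a hypothetical helper name.

```python
import re

# Constructed sample, abridged from the generated file quoted in the issue.
SAMPLE = '''\
rundeck {
     com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule sufficient
         debug="true"
         providerUrl="ldap://test"
         bindDn="cn=bindcn"
 ignoreRoles=ignoreroles
 storePass=storepass
      ;
      org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
         debug="true"
         file="/home/rundeck/server/config/realm.properties";
   };
'''

FLAGS = {"required", "requisite", "sufficient", "optional"}
# Token order matters: quoted strings first (so "ldap://test" stays one token),
# then comments, then structural characters, then bare words.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/|[{};=]|[^\s{};="]+', re.S)


def unquoted_options(text):
    """Return (module_class, option, bare_value) for every unquoted option value."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(("//", "/*"))]
    findings, module, i = [], None, 0
    while i < len(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if nxt in FLAGS:                        # "<LoginModule class> <flag>"
            module, i = toks[i], i + 2
        elif nxt == "=" and i + 2 < len(toks):  # "<option>=<value>"
            value = toks[i + 2]
            if not value.startswith('"'):
                # Only the first bare token is reported; a bare value that
                # contains spaces or '=' is already split by the tokenizer.
                findings.append((module, toks[i], value))
            i += 3
        else:
            i += 1
    return findings


if __name__ == "__main__":
    for module, option, value in unquoted_options(SAMPLE):
        print(f"{module}: {option}={value} is not quoted")
```

Run against a generated jaas-loginmodule.conf, an empty result means every option value in the file is quoted.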