adding myldap

ansibleguy76 · Nov 7, 2023 · 416dd9f · 416dd9f
1 parent abd3cc7
commit 416dd9f
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 7 deletions.
diff --git a/server/Dockerfile b/server/Dockerfile
@@ -24,6 +24,7 @@ RUN apk add --update --no-cache --virtual .build-deps g++ gcc libxml2-dev libxsl
 RUN apk add --no-cache libxslt
 RUN apk add --no-cache mysql-client
 RUN apk add --no-cache curl
+RUN apk add --no-cache py3-pyldap
 RUN pip3 install --no-cache-dir lxml
 RUN apk del .build-deps
 RUN pip3 install PyMySQL

diff --git a/server/src/lib/common.js b/server/src/lib/common.js
@@ -28,6 +28,11 @@ Helpers.getError=function(err){
   }
 }
 
+Helpers.escapeStringForCommandLine=function(value) {
+  const escaped = value.replace(/'/g, "\\'")
+  return escaped;
+}
+
 Helpers.checkCertificate=function(cert){
   certs=cert.replace(/-----(\r\n|\n|\r)-----/gm,"-----|-----").split("|")
   if(certs.length>1){

diff --git a/server/src/models/job.model.js b/server/src/models/job.model.js
@@ -20,7 +20,7 @@ function pushForminfoToExtravars(formObj,extravars,creds={}){
   // push top form fields to extravars
   // change in 4.0.16 => easier to process & available in playbook, might be handy
   // no credentials added here, because then can also come from asCredential property and these would get lost.
-  const topFields=['template','playbook','tags','limit','execution_environment','check','diff','verbose','keepExtravars','credentials','inventory','awxCredentials']
+  const topFields=['template','playbook','tags','limit','execution_environment','check','diff','verbose','keepExtravars','credentials','inventory','awxCredentials','ansibleCredentials']
   for (const fieldName of topFields) {
     // Check if the field exists in formObj and if the property is not present in extravars
     if (formObj.hasOwnProperty(fieldName) && extravars[`__${fieldName}__`] === undefined) {
@@ -44,19 +44,26 @@ Exec.executeCommand = (cmd,jobid,counter) => {
   var directory = cmd.directory
   var description = cmd.description
   var extravars = cmd.extravars
+  var hiddenExtravars = cmd.hiddenExtravars
   var extravarsFileName = cmd.extravarsFileName
+  var hiddenExtravarsFileName = cmd.hiddenExtravarsFileName
   var keepExtravars = cmd.keepExtravars
   var task = cmd.task
+
   // execute the procces
   return new Promise((resolve,reject)=>{
     logger.debug(`${description}, ${directory} > ${Helpers.logSafe(command)}`)
     try{
-      
+
 
       if(extravarsFileName){
         logger.debug(`Storing extravars to file ${extravarsFileName}`)
         var filepath=path.join(directory,extravarsFileName)
         fs.writeFileSync(filepath,extravars) 
+
+        logger.debug(`Storing hidden extravars to file ${hiddenExtravarsFileName}`)
+        var he_filepath=path.join(directory,hiddenExtravarsFileName)
+        fs.writeFileSync(he_filepath,hiddenExtravars)         
       }else{
         logger.warning("No filename was given")
       }
@@ -110,6 +117,9 @@ Exec.executeCommand = (cmd,jobid,counter) => {
           logger.debug(`Removing extavars file ${filepath}`)
           fs.unlinkSync(filepath)    
         }
+        if(hiddenExtravarsFileName){
+          fs.unlinkSync(he_filepath) 
+        }
 
       })
       // add error eventlistener to the process; set failed
@@ -906,26 +916,40 @@ Ansible.launch=async (ev,credentials,jobid,counter,approval,approved=false)=>{
   var limit = extravars?.__limit__ || ""
   var keepExtravars = extravars?.__keepExtravars__ || false    
   var diff = extravars?.__diff__ || false  
+  var ansibleCredentials = extravars?.__ansibleCredentials__ || ""  
 
   // merge credentials now
   extravars = {...extravars,...credentials}
   // convert to string for the command
   extravars = JSON.stringify(extravars)
+  // define hiddenExtravars
+  var hiddenExtravars={}
+  if(ansibleCredentials){ 
+    const runCredential = await Credential.findByName(ansibleCredentials)
+    hiddenExtravars.ansible_user = runCredential.user
+    hiddenExtravars.ansible_password = runCredential.password
+  }
+  // convert to string for the command
+  hiddenExtravars = JSON.stringify(hiddenExtravars)  
+
   // make extravars file
   const extravarsFileName = `extravars_${jobid}.json`;
+  const hiddenExtravarsFileName = `he_${extravarsFileName}`
   logger.debug(`Extravars File: ${extravarsFileName}`);
   // prepare my ansible command
 
-  var command = `ansible-playbook -e '@${extravarsFileName}'`
+  var command = `ansible-playbook -e '@${extravarsFileName}' -e '@${hiddenExtravarsFileName}'`
+
   inventory.forEach((item, i) => {  command += ` -i '${item}'` });
   if(tags){ command += ` -t '${tags}'` }
   if(check){ command += ` --check` }
   if(diff){ command += ` --diff` }
   if(verbose){ command += ` -vvv`}
   if(limit){ command += ` --limit '${limit}'`}
+
   command += ` ${playbook}`
   var directory = ansibleConfig.path
-  var cmdObj = {directory:directory,command:command,description:"Running playbook",task:"Playbook",extravars:extravars,extravarsFileName:extravarsFileName,keepExtravars:keepExtravars}
+  var cmdObj = {directory:directory,command:command,description:"Running playbook",task:"Playbook",extravars:extravars,hiddenExtravars:hiddenExtravars,extravarsFileName:extravarsFileName,hiddenExtravarsFileName:hiddenExtravarsFileName,keepExtravars:keepExtravars}
 
   logger.notice("Running playbook : " + playbook)
   logger.debug("extravars : " + extravars)

diff --git a/server/src/models/ldap.model.js b/server/src/models/ldap.model.js
@@ -96,6 +96,7 @@ Ldap.check = function(ldapConfig){
       logger.notice("Certificates are valid")
       try{
         // logger.debug(JSON.stringify(options))
+        logger.notice("Authenticating")
         var user = await authenticate(options)
         resolve(user)
       }catch(err){
@@ -106,17 +107,21 @@ Ldap.check = function(ldapConfig){
           try{ em = YAML.stringify(err)}catch(e){em = err}
         }
         if(err.admin){
-          if(err.admin.code){
-            em = err
+          if(err.admin.lde_message){
+            try{ em = YAML.stringify(err.admin.lde_message)}catch(e){em = err}
+          }
+          else if(err.admin.code){
+            try{ em = YAML.stringify(err.admin)}catch(e){em = err}
             if(err.admin.code=="UNABLE_TO_VERIFY_LEAF_SIGNATURE"){
               em = "Unable to verify the certificate"
             }else if(err.admin.code==49){
               em = "Wrong binding credentials"
-            }else if(err.admin.code="ENOTFOUND"){
+            }else if(err.admin.code=="ENOTFOUND"){
               em = "Bad server or port (connection failed)"
             }
           }
         }
+
         if(em.includes("user not found")){
           logger.notice("Checking ldap connection ok")
           resolve()