From 5a736af14bcc69510e91dc0226c30a1fb61fa31c Mon Sep 17 00:00:00 2001 From: Evgeni Golov Date: Tue, 17 Dec 2024 11:53:54 +0100 Subject: [PATCH] always compare CNs as downcase Sometimes people end up with certificates that have uppercase letters in the CN, but pass lowercase in the auth map. --- manifests/apache.pp | 2 +- spec/classes/plugin_container_spec.rb | 2 +- spec/classes/pulpcore_spec.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/apache.pp b/manifests/apache.pp index b3fec56..f8ec601 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -53,7 +53,7 @@ ] $api_additional_request_headers = $pulpcore::api_client_auth_cn_map.map |String $cn, String $pulp_user| { - "set ${remote_user_environ_header} \"${pulp_user}\" \"expr=%{SSL_CLIENT_S_DN_CN} == '${cn}'\"" + "set ${remote_user_environ_header} \"${pulp_user}\" \"expr=%{tolower:%{SSL_CLIENT_S_DN_CN}} == '${cn.downcase}'\"" } $api_directory = { diff --git a/spec/classes/plugin_container_spec.rb b/spec/classes/plugin_container_spec.rb index 6bab2a4..c909cdc 100644 --- a/spec/classes/plugin_container_spec.rb +++ b/spec/classes/plugin_container_spec.rb @@ -53,7 +53,7 @@ class {'pulpcore': RequestHeader unset REMOTE-USER RequestHeader unset REMOTE_USER - RequestHeader set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == 'foreman.example.com'" + RequestHeader set REMOTE-USER "admin" "expr=%{tolower:%{SSL_CLIENT_S_DN_CN}} == 'foreman.example.com'" ProxyPass unix:///run/pulpcore-api.sock|http://pulpcore-api ProxyPassReverse unix:///run/pulpcore-api.sock|http://pulpcore-api diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb index 4822c8f..bd53a21 100644 --- a/spec/classes/pulpcore_spec.rb +++ b/spec/classes/pulpcore_spec.rb @@ -522,7 +522,7 @@ 'request_headers' => [ 'unset REMOTE-USER', 'unset REMOTE_USER', - 'set REMOTE-USER "admin" "expr=%{SSL_CLIENT_S_DN_CN} == \'foreman.example.com\'"', + 'set REMOTE-USER "admin" "expr=%{tolower:%{SSL_CLIENT_S_DN_CN}} == \'foreman.example.com\'"', ], } ])