rename authentication backends sections

39a96f59 · Benjamin "Ziirish" SANS · 7b2dc921 · 39a96f59 · 39a96f59 · 39a96f59
Verified Commit 39a96f59 authored Jan 18, 2019 by Benjamin "Ziirish" SANS
7 changed files
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,7 @@ Current

 - **BREAKING**: the *single* and *version* options within the ``[Global]`` section have been removed in favor of a new unified *backend* option
 - **BREAKING**: a change introduced by `#284 <https://git.ziirish.me/ziirish/burp-ui/issues/284>`_ may return wrong timestamps for backups made with burp-server <= 2.1.10 if your current burp-server is >= 2.1.10
+- **BREAKING**: the authentication backends section have been renamed with the ``:AUTH`` suffix
 - Add: new `audit logging <https://git.ziirish.me/ziirish/burp-ui/issues/260>`_ system
 - Add: new ``bui-monitor`` processes pool + ``async`` backend to parallelize some requests `#278 <https://git.ziirish.me/ziirish/burp-ui/issues/278>`_ 
 - Add: new `listen` and `listen_status` options in burp-2.2.10 `#279 <https://git.ziirish.me/ziirish/burp-ui/issues/279>`_ 

--- a/burpui/misc/auth/basic.py
+++ b/burpui/misc/auth/basic.py
@@ -11,7 +11,7 @@ class BasicLoader(BUIloader):
    """The :class:`burpui.misc.auth.basic.BasicLoader` class loads the *Basic*
    users.
    """
-    section = name = 'BASIC'
+    section = name = 'BASIC:AUTH'

    def __init__(self, app=None, handler=None):
        """:func:`burpui.misc.auth.basic.BasicLoader.__init__` loads users from

--- a/burpui/misc/auth/ldap.py
+++ b/burpui/misc/auth/ldap.py
@@ -12,25 +12,11 @@ except ImportError:
    raise ImportError('Unable to load \'ldap3\' module')


-def get_ssl_version(version):
-    SSL_SUPPORTED = ['SSLv2', 'SSLv3', 'SSLv23', 'TLSv1', 'TLSv1_1', 'TLSv1_2']
-    if version and version in SSL_SUPPORTED:
-        try:
-            return getattr(ssl, 'PROTOCOL_{}'.format(version))
-        except AttributeError:
-            idx = SSL_SUPPORTED.index(version) + 1
-            if idx == len(SSL_SUPPORTED):
-                return None
-            return get_ssl_version(SSL_SUPPORTED[idx])
-    else:
-        return None
-
-
 class LdapLoader(BUIloader):
    """The :class:`burpui.misc.auth.ldap.LdapLoader` handles searching for and
    binding as a :class:`burpui.misc.auth.ldap.LdapUser` user.
    """
-    section = name = 'LDAP'
+    section = name = 'LDAP:AUTH'

    def __init__(self, app=None, handler=None):
        """:func:`burpui.misc.auth.ldap.LdapLoader.__init__` establishes a
@@ -53,7 +39,6 @@ class LdapLoader(BUIloader):
                'base': None,
                'searchattr': 'uid',
                'validate': 'none',
-                'version': None,
                'cafile': None,
            }
        }
@@ -67,7 +52,6 @@ class LdapLoader(BUIloader):
            'binddn': 'binddn',
            'bindpw': 'bindpw',
            'validate': 'validate',
-            'version': 'version',
            'cafile': 'cafile'
        }
        conf.update_defaults(defaults)
@@ -88,9 +72,7 @@ class LdapLoader(BUIloader):
            self.validate = getattr(ssl, 'CERT_{}'.format(self.validate.upper()))
        else:
            self.validate = None
-        self.version = get_ssl_version(self.version)
-        if not self.version:
-            self.logger.warning('No SSL version chosen')
+        self.version = ssl.OP_NO_SSLv3
        self.users = []
        self.tls = None
        self.ssl = False
@@ -170,7 +152,7 @@ class LdapLoader(BUIloader):
                self.ldap.search(self.base, query, attributes=['cn', self.attr])
                r = self.ldap.response
            if not r:
-                raise Exception('no results')
+                raise ValueError('no results')
        except Exception as e:
            self.logger.error('Ooops, LDAP lookup failed: {0}'.format(str(e)))
            return None

--- a/burpui/misc/auth/local.py
+++ b/burpui/misc/auth/local.py
@@ -12,7 +12,7 @@ class LocalLoader(BUIloader):
    """The :class:`burpui.misc.auth.local.LocalLoader` class loads the *Local*
    users.
    """
-    section = name = 'LOCAL'
+    section = name = 'LOCAL:AUTH'

    def __init__(self, app=None, handler=None):
        """:func:`burpui.misc.auth.Local.localLoader.__init__` loads users from

--- a/docs/advanced_usage.rst
+++ b/docs/advanced_usage.rst
@@ -509,7 +509,7 @@ Now you can add *ldap* specific options:
 ::

    # ldapauth specific options
-    [LDAP]
+    [LDAP:AUTH]
    # Backend priority. Higher is first
    priority = 50
    # LDAP host
@@ -524,13 +524,6 @@ Now you can add *ldap* specific options:
    #  - optional (not required, but validated if provided)
    #  - required (required and validated)
    validate = none
-    # SSL or TLS version to use, can be one of the following:
-    #  - SSLv2
-    #  - SSLv3
-    #  - SSLv23
-    #  - TLSv1
-    #  - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
-    version = TLSv1
    # the file containing the certificates of the certification authorities
    cafile = none
    # Attribute to use when searching the LDAP repository
@@ -573,7 +566,7 @@ Now you can add *basic* specific options:
    # basicauth specific options
    # Note: in case you leave this section commented, the default login/password
    # is admin/admin
-    [BASIC]
+    [BASIC:AUTH]
    # Backend priority. Higher is first
    priority = 100
    admin = pbkdf2:sha1:1000$12345678$password
@@ -608,7 +601,7 @@ Now you can add *local* specific options:
    # localauth specific options
    # Note: if not running as root, then burp-ui must be run as group 'shadow' to
    # allow PAM to work
-    [LOCAL]
+    [LOCAL:AUTH]
    # Backend priority. Higher is first
    priority = 0
    # List of local users allowed to login. If you don't set this setting, users

--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -27,6 +27,10 @@ v0.7.0
  `Backend options <advanced_usage.html#options>`__ for details).
  The drawback of enabling the ``deep_inspection`` is this requires some extra
  work that may slow down burp-ui.
+- **Breaking** - the authentication backends section have been renamed with the
+  ``:AUTH`` suffix (so ``BASIC`` becomes ``BASIC:AUTH``, etc.).
+  Please make sure you rename those sections accordingly so you won't be locked
+  out.

 v0.6.0
 ------

--- a/share/burpui/etc/burpui.sample.cfg
+++ b/share/burpui/etc/burpui.sample.cfg
@@ -223,7 +223,7 @@ max_bytes = 30 * 1024 * 1024
 rotate = 5

 ## ldapauth specific options
-#[LDAP]
+#[LDAP:AUTH]
 ## Backend priority. Higher is first
 #priority = 50
 ## LDAP host
@@ -238,13 +238,6 @@ rotate = 5
 ##  - optional (not required, but validated if provided)
 ##  - required (required and validated)
 #validate = none
-## SSL or TLS version to use, can be one of the following:
-##  - SSLv2
-##  - SSLv3
-##  - SSLv23
-##  - TLSv1
-##  - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
-#version = TLSv1
 ## the file containing the certificates of the certification authorities
 #cafile = none
 ## Attribute to use when searching the LDAP repository
@@ -265,7 +258,7 @@ rotate = 5
 ## basicauth specific options
 ## Note: in case you leave this section commented, the default login/password
 ## is admin/admin
-#[BASIC]
+#[BASIC:AUTH]
 ## Backend priority. Higher is first
 #priority = 100
 #admin = password
@@ -274,7 +267,7 @@ rotate = 5
 ## localauth specific options
 ## Note: if not running as root, then burp-ui must be run as group 'shadow' to
 ## allow PAM to work
-#[LOCAL]
+#[LOCAL:AUTH]
 ## Backend priority. Higher is first
 #priority = 0
 ## List of local users allowed to login. If you don't set this setting, users