Commit 39a96f59 authored by Ziirish

rename authentication backends sections

parent 7b2dc921
Pipeline #1521 failed with stage
in 1 minute and 39 seconds
......@@ -6,6 +6,7 @@ Current
- **BREAKING**: the *single* and *version* options within the ``[Global]`` section have been removed in favor of a new unified *backend* option
- **BREAKING**: a change introduced by `#284 <https://git.ziirish.me/ziirish/burp-ui/issues/284>`_ may return wrong timestamps for backups made with burp-server <= 2.1.10 if your current burp-server is >= 2.1.10
- **BREAKING**: the authentication backends section have been renamed with the ``:AUTH`` suffix
- Add: new `audit logging <https://git.ziirish.me/ziirish/burp-ui/issues/260>`_ system
- Add: new ``bui-monitor`` processes pool + ``async`` backend to parallelize some requests `#278 <https://git.ziirish.me/ziirish/burp-ui/issues/278>`_
- Add: new `listen` and `listen_status` options in burp-2.2.10 `#279 <https://git.ziirish.me/ziirish/burp-ui/issues/279>`_
......
......@@ -11,7 +11,7 @@ class BasicLoader(BUIloader):
"""The :class:`burpui.misc.auth.basic.BasicLoader` class loads the *Basic*
users.
"""
section = name = 'BASIC'
section = name = 'BASIC:AUTH'
def __init__(self, app=None, handler=None):
""":func:`burpui.misc.auth.basic.BasicLoader.__init__` loads users from
......
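Review bot: Renaming `section` to `'BASIC:AUTH'` with no fallback means a configuration that still has a `[BASIC]` section is no longer read by this loader after the upgrade. The sample configuration touched by this same commit states that when the section is left out the default login/password is admin/admin, so an upgraded instance may end up accepting that default instead of the operator's accounts, which is a worse outcome than the lock-out the upgrade note warns about. I would have the loader detect a legacy `[BASIC]` section when `[BASIC:AUTH]` is absent and either read it with a deprecation warning or refuse to start; the same applies to the `'LDAP:AUTH'` and `'LOCAL:AUTH'` renames in the LDAP and local loader sections. The `__init__` that reads the section begins on the last line of this hunk and continues outside it, so the fallback behaviour is inferred from the documentation rather than seen.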
......@@ -12,25 +12,11 @@ except ImportError:
raise ImportError('Unable to load \'ldap3\' module')
def get_ssl_version(version):
SSL_SUPPORTED = ['SSLv2', 'SSLv3', 'SSLv23', 'TLSv1', 'TLSv1_1', 'TLSv1_2']
if version and version in SSL_SUPPORTED:
try:
return getattr(ssl, 'PROTOCOL_{}'.format(version))
except AttributeError:
idx = SSL_SUPPORTED.index(version) + 1
if idx == len(SSL_SUPPORTED):
return None
return get_ssl_version(SSL_SUPPORTED[idx])
else:
return None
class LdapLoader(BUIloader):
"""The :class:`burpui.misc.auth.ldap.LdapLoader` handles searching for and
binding as a :class:`burpui.misc.auth.ldap.LdapUser` user.
"""
section = name = 'LDAP'
section = name = 'LDAP:AUTH'
def __init__(self, app=None, handler=None):
""":func:`burpui.misc.auth.ldap.LdapLoader.__init__` establishes a
......@@ -53,7 +39,6 @@ class LdapLoader(BUIloader):
'base': None,
'searchattr': 'uid',
'validate': 'none',
'version': None,
'cafile': None,
}
}
......@@ -67,7 +52,6 @@ class LdapLoader(BUIloader):
'binddn': 'binddn',
'bindpw': 'bindpw',
'validate': 'validate',
'version': 'version',
'cafile': 'cafile'
}
conf.update_defaults(defaults)
......@@ -88,9 +72,7 @@ class LdapLoader(BUIloader):
self.validate = getattr(ssl, 'CERT_{}'.format(self.validate.upper()))
else:
self.validate = None
self.version = get_ssl_version(self.version)
if not self.version:
self.logger.warning('No SSL version chosen')
self.version = ssl.OP_NO_SSLv3
self.users = []
self.tls = None
self.ssl = False
......@@ -170,7 +152,7 @@ class LdapLoader(BUIloader):
self.ldap.search(self.base, query, attributes=['cn', self.attr])
r = self.ldap.response
if not r:
raise Exception('no results')
raise ValueError('no results')
except Exception as e:
self.logger.error('Ooops, LDAP lookup failed: {0}'.format(str(e)))
return None
......
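Review bot: With `get_ssl_version` and the `version` option removed, an existing LDAP section that still sets `version = ...` is now silently ignored, and the protocol used for the LDAP connection becomes whatever the TLS setup outside these hunks picks by default. The defaults kept in the second hunk still carry `'validate': 'none'`, which the visible `getattr(ssl, 'CERT_{}'.format(self.validate.upper()))` line appears to turn into `ssl.CERT_NONE`, so unless the operator changes it the server certificate is not verified and the bind password travels over a connection an on-path party could impersonate. I would log a warning when a leftover `version` key is found, list the removal as a breaking change next to the section rename (the changelog lines shown in this commit do not mention it), and consider defaulting `validate` to `required` when `cafile` is set. Separately, the new `raise ValueError('no results')` sits inside a `try` whose `except Exception` logs and returns `None`, so callers still cannot tell an empty result from a directory failure; narrowing that handler would make the new exception type meaningful.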
......@@ -12,7 +12,7 @@ class LocalLoader(BUIloader):
"""The :class:`burpui.misc.auth.local.LocalLoader` class loads the *Local*
users.
"""
section = name = 'LOCAL'
section = name = 'LOCAL:AUTH'
def __init__(self, app=None, handler=None):
""":func:`burpui.misc.auth.Local.localLoader.__init__` loads users from
......
......@@ -509,7 +509,7 @@ Now you can add *ldap* specific options:
::
# ldapauth specific options
[LDAP]
[LDAP:AUTH]
# Backend priority. Higher is first
priority = 50
# LDAP host
......@@ -524,13 +524,6 @@ Now you can add *ldap* specific options:
# - optional (not required, but validated if provided)
# - required (required and validated)
validate = none
# SSL or TLS version to use, can be one of the following:
# - SSLv2
# - SSLv3
# - SSLv23
# - TLSv1
# - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
version = TLSv1
# the file containing the certificates of the certification authorities
cafile = none
# Attribute to use when searching the LDAP repository
......@@ -573,7 +566,7 @@ Now you can add *basic* specific options:
# basicauth specific options
# Note: in case you leave this section commented, the default login/password
# is admin/admin
[BASIC]
[BASIC:AUTH]
# Backend priority. Higher is first
priority = 100
admin = pbkdf2:sha1:1000$12345678$password
......@@ -608,7 +601,7 @@ Now you can add *local* specific options:
# localauth specific options
# Note: if not running as root, then burp-ui must be run as group 'shadow' to
# allow PAM to work
[LOCAL]
[LOCAL:AUTH]
# Backend priority. Higher is first
priority = 0
# List of local users allowed to login. If you don't set this setting, users
......
......@@ -27,6 +27,10 @@ v0.7.0
`Backend options <advanced_usage.html#options>`__ for details).
The drawback of enabling the ``deep_inspection`` is this requires some extra
work that may slow down burp-ui.
- **Breaking** - the authentication backends section have been renamed with the
``:AUTH`` suffix (so ``BASIC`` becomes ``BASIC:AUTH``, etc.).
Please make sure you rename those sections accordingly so you won't be locked
out.
v0.6.0
------
......
......@@ -223,7 +223,7 @@ max_bytes = 30 * 1024 * 1024
rotate = 5
## ldapauth specific options
#[LDAP]
#[LDAP:AUTH]
## Backend priority. Higher is first
#priority = 50
## LDAP host
......@@ -238,13 +238,6 @@ rotate = 5
## - optional (not required, but validated if provided)
## - required (required and validated)
#validate = none
## SSL or TLS version to use, can be one of the following:
## - SSLv2
## - SSLv3
## - SSLv23
## - TLSv1
## - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
#version = TLSv1
## the file containing the certificates of the certification authorities
#cafile = none
## Attribute to use when searching the LDAP repository
......@@ -265,7 +258,7 @@ rotate = 5
## basicauth specific options
## Note: in case you leave this section commented, the default login/password
## is admin/admin
#[BASIC]
#[BASIC:AUTH]
## Backend priority. Higher is first
#priority = 100
#admin = password
......@@ -274,7 +267,7 @@ rotate = 5
## localauth specific options
## Note: if not running as root, then burp-ui must be run as group 'shadow' to
## allow PAM to work
#[LOCAL]
#[LOCAL:AUTH]
## Backend priority. Higher is first
#priority = 0
## List of local users allowed to login. If you don't set this setting, users
......