finish off sprint advisories and sprints

2026-01-24 00:12:43 +02:00
parent 726d70dc7f
commit c70e83719e
266 changed files with 46699 additions and 1328 deletions
--- a/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/Credentials/LdapCredentialStore.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/Credentials/LdapCredentialStore.cs
@@ -115,6 +115,21 @@ internal sealed class LdapCredentialStore : IUserCredentialStore
                    auditProperties: auditProperties);
            }

+            // Validate DN is not empty/malformed
+            if (string.IsNullOrWhiteSpace(userEntry.DistinguishedName))
+            {
+                logger.LogWarning("LDAP plugin {Plugin} found user {Username} but DN is empty/malformed.", pluginName, normalizedUsername);
+                auditProperties.Add(new AuthEventProperty
+                {
+                    Name = "ldap.failure",
+                    Value = ClassifiedString.Public("malformed_dn")
+                });
+                return AuthorityCredentialVerificationResult.Failure(
+                    AuthorityCredentialFailureCode.InvalidCredentials,
+                    "Invalid credentials.",
+                    auditProperties: auditProperties);
+            }
+
            auditProperties.Add(new AuthEventProperty
            {
                Name = "ldap.entry_dn",