e536178323
Resolves the auth-theme batch from the 2026-05-28 baseline review (8 findings across Security/CentralUI/ManagementService/CLI). The most consequential gaps: NotificationReport + SiteCallsReport now route through SiteScopeService so a site-scoped Deployment user cannot see or act on other sites' rows (CUI-028); QueryAuditLogCommand is no longer "any authenticated user" — gated Admin-only to match /api/audit/query's strictness (MS-018); RoleMapper preserves the broader grant when a user is in both an unscoped and scoped Deployment LDAP group, instead of silently narrowing to the scoped set (Sec-016); and the dead SiteScopeRequirement/Handler are deleted so SiteScopeService is unambiguously the sole site-scoping mechanism (Sec-017). Pending findings: 172 → 164.
16 lines
596 B
C#
namespace ScadaLink.Security;

/// <summary>
/// Thrown by <see cref="LdapAuthService"/> when the configured LDAP service-account
/// rebind fails. Distinct from a user-bind <c>LdapException</c> so the outer login
/// pipeline can surface "Authentication service is misconfigured" instead of
/// masking the system fault as "Invalid username or password" (Security-019).
/// </summary>
public sealed class ServiceAccountBindException : Exception
{
    public ServiceAccountBindException(Exception innerException)
        : base("LDAP service-account rebind failed", innerException)
    {
    }
}
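The sketch below is an added example, not code from the ScadaLink repository, showing how an outer login pipeline can use this exception type to keep the two failure modes apart. `IDirectoryBinder`, `LoginPipeline`, `LoginOutcome` and `LoginResult` are hypothetical names, and the bind-then-rebind order is an assumption about how `LdapAuthService` uses the connection.

```csharp
using System;

// Repeated from the page so the block compiles on its own.
public sealed class ServiceAccountBindException : Exception
{
    public ServiceAccountBindException(Exception innerException)
        : base("LDAP service-account rebind failed", innerException) { }
}

// Hypothetical abstraction over the LDAP connection (assumption, not ScadaLink's API).
public interface IDirectoryBinder
{
    void BindAsUser(string userDn, string password); // throws on bad credentials
    void RebindAsServiceAccount();                   // throws on bad configuration
}

public enum LoginOutcome { Success, InvalidCredentials, ServiceMisconfigured }
public sealed record LoginResult(LoginOutcome Outcome, string UserMessage);

public sealed class LoginPipeline
{
    private readonly IDirectoryBinder _binder;
    private readonly Action<string> _log;
    public LoginPipeline(IDirectoryBinder binder, Action<string> log)
        => (_binder, _log) = (binder, log);

    public LoginResult Login(string userDn, string password)
    {
        try
        {
            _binder.BindAsUser(userDn, password);
            // Wrap only the rebind, so a fault here cannot be confused with the user bind.
            try { _binder.RebindAsServiceAccount(); }
            catch (Exception ex) { throw new ServiceAccountBindException(ex); }
            return new(LoginOutcome.Success, string.Empty);
        }
        catch (ServiceAccountBindException ex)
        {
            // System fault: detail goes to the server log, not to the login form.
            _log($"LDAP rebind failed: {ex.InnerException?.GetType().Name}");
            return new(LoginOutcome.ServiceMisconfigured, "Authentication service is misconfigured");
        }
        catch (Exception)
        {
            // Everything else from the user bind stays an ordinary credential failure.
            return new(LoginOutcome.InvalidCredentials, "Invalid username or password");
        }
    }
}
```

The specific `catch` must precede the general one; the C# compiler rejects the reverse order, which keeps the misconfiguration path from being swallowed by the credential-failure handler.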