adf794f791
Server-002 — AuthorizationGate lax-mode no longer overrides explicit deny. IsAllowed now switches on the evaluator's AuthorizationVerdict: Allow -> true, Denied (an authored deny rule matched) -> false in BOTH strict and lax mode, and only the indeterminate NotGranted case falls through to !_strictMode. Previously `if (decision.IsAllowed) return true; return !_strictMode;` let lax mode (the default) nullify authored NodeAcl deny rules for fully-resolved sessions. The tri-state AuthorizationVerdict.Denied member is now honoured. Server-009 — LDAP is secure-by-default. LdapOptions.AllowInsecureLdap now defaults to false (was true) and Program.cs's config fallback reads `?? false` (was `?? true`), so an LDAP-enabled deployment will not bind credentials over an unencrypted socket unless an operator explicitly opts in. Program.cs also logs a startup warning when LDAP is enabled with UseTls=false and AllowInsecureLdap=true, flagging the clear-text server->LDAP credential hop. Regression tests: AuthorizationGateTests covers all four verdict x mode combinations via a fixed-verdict evaluator stub; new LdapOptionsTests asserts the secure defaults. Both Server and Server.Tests build clean; the 15 targeted tests pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1.0 KiB
1.0 KiB