open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

port dd694b5 from stable45

Browse Source
remotes/origin/stable5
Arthur Schiwon 13 years ago
parent 42f235123e
commit aebd4fd32d
1 changed files with 6 additions and 11 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 17
      apps/user_ldap/lib/access.php

17
apps/user_ldap/lib/access.php
Unescape View File

@ -58,6 +58,7 @@ abstract class Access {
return false; return false;
} }
$rr = @ldap_read($cr, $dn, $filter, array($attr)); $rr = @ldap_read($cr, $dn, $filter, array($attr));
$dn = $dn = str_replace('\\5c', '\\', $dn);
if(!is_resource($rr)) { if(!is_resource($rr)) {
\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG); \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
//in case an error occurs , e.g. object does not exist //in case an error occurs , e.g. object does not exist
@ -119,18 +120,13 @@ abstract class Access {
//make comparisons and everything work //make comparisons and everything work
$dn = mb_strtolower($dn, 'UTF-8'); $dn = mb_strtolower($dn, 'UTF-8');
//escape DN values according to RFC 2253 //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn
//thanks to Kolab, http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n1313 //to use the DN in search filters, \ needs to be escaped to \5c additionally
//to use them in bases, we convert them back to simple backslashes in readAttribute()
$aDN = ldap_explode_dn($dn, false); $aDN = ldap_explode_dn($dn, false);
unset($aDN['count']); unset($aDN['count']);
foreach($aDN as $key => $part) {
$value = substr($part, strpos($part, '=')+1);
$escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b',
'<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c',
'"'=>'\22', '#'=>'\23'));
$part = str_replace($part, $value, $escapedValue);
}
$dn = implode(',', $aDN); $dn = implode(',', $aDN);
$dn = str_replace('\\', '\\5c', $dn);
return $dn; return $dn;
} }
@ -240,7 +236,6 @@ abstract class Access {
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
*/ */
public function dn2ocname($dn, $ldapname = null, $isUser = true) { public function dn2ocname($dn, $ldapname = null, $isUser = true) {
$dn = $this->sanitizeDN($dn);
$table = $this->getMapTable($isUser); $table = $this->getMapTable($isUser);
if($isUser) { if($isUser) {
$fncFindMappedName = 'findMappedUser'; $fncFindMappedName = 'findMappedUser';
@ -437,7 +432,6 @@ abstract class Access {
*/ */
private function mapComponent($dn, $ocname, $isUser = true) { private function mapComponent($dn, $ocname, $isUser = true) {
$table = $this->getMapTable($isUser); $table = $this->getMapTable($isUser);
$dn = $this->sanitizeDN($dn);
$sqlAdjustment = ''; $sqlAdjustment = '';
$dbtype = \OCP\Config::getSystemValue('dbtype'); $dbtype = \OCP\Config::getSystemValue('dbtype');
@ -732,6 +726,7 @@ abstract class Access {
public function getUUID($dn) { public function getUUID($dn) {
if($this->detectUuidAttribute($dn)) { if($this->detectUuidAttribute($dn)) {
\OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG);
$uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute); $uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute);
if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) { if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) {
$this->detectUuidAttribute($dn, true); $this->detectUuidAttribute($dn, true);

Write Preview
Loading…
Cancel
Save