mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #11172 from owncloud/user-ldap-no-bcmath 

Fix ldap convertSID2Str() / Remove BCMath dependency
This commit is contained in:
blizzz 2014-11-03 14:03:26 +01:00
parent 79b650a023 d1410b46a9
commit dc9ea893fd
3 changed files with 57 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
apps/user_ldap/lib/access.php
View File

@ -1316,32 +1316,38 @@ class Access extends LDAPUtility implements user\IUserTools {
* converts a binary SID into a string representation * converts a binary SID into a string representation
* @param string $sid * @param string $sid
* @return string * @return string
* @link http://blogs.freebsdish.org/tmclaugh/2010/07/21/finding-a-users-primary-group-in-ad/#comment-2855
*/ */
public function convertSID2Str($sid) { public function convertSID2Str($sid) {
try { // The format of a SID binary string is as follows:
if(!function_exists('bcadd')) { // 1 byte for the revision level
\OCP\Util::writeLog('user_ldap', // 1 byte for the number n of variable sub-ids
'You need to install bcmath module for PHP to have support ' . // 6 bytes for identifier authority value
'for AD primary groups', \OCP\Util::WARN); // n*4 bytes for n sub-ids
throw new \Exception('missing bcmath module'); //
} // Example: 010400000000000515000000a681e50e4d6c6c2bca32055f
$srl = ord($sid[0]); // Legend: RRNNAAAAAAAAAAAA11111111222222223333333344444444
$revision = ord($sid[0]);
$numberSubID = ord($sid[1]); $numberSubID = ord($sid[1]);
$x = substr($sid, 2, 6);
$h = unpack('N', "\x0\x0" . substr($x,0,2)); $subIdStart = 8; // 1 + 1 + 6
$l = unpack('N', substr($x,2,6)); $subIdLength = 4;
$iav = bcadd(bcmul($h[1], bcpow(2,32)), $l[1]); if (strlen($sid) !== $subIdStart + $subIdLength * $numberSubID) {
$subIDs = array(); // Incorrect number of bytes present.
for ($i=0; $i<$numberSubID; $i++) {
$subID = unpack('V', substr($sid, 8+4*$i, 4));
$subIDs[] = $subID[1];
}
} catch (\Exception $e) {
return ''; return '';
} }
return sprintf('S-%d-%d-%s', $srl, $iav, implode('-', $subIDs)); // 6 bytes = 48 bits can be represented using floats without loss of
// precision (see https://gist.github.com/bantu/886ac680b0aef5812f71)
$iav = number_format(hexdec(bin2hex(substr($sid, 2, 6))), 0, '', '');
$subIDs = array();
for ($i = 0; $i < $numberSubID; $i++) {
$subID = unpack('V', substr($sid, $subIdStart + $subIdLength * $i, $subIdLength));
$subIDs[] = sprintf('%u', $subID[1]);
}
// Result for example above: S-1-5-21-249921958-728525901-1594176202
return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs));
} }
/** /**

61
apps/user_ldap/tests/access.php
View File

@ -78,55 +78,52 @@ class Test_Access extends \PHPUnit_Framework_TestCase {
$this->assertTrue($expected === $access->escapeFilterPart($input)); $this->assertTrue($expected === $access->escapeFilterPart($input));
} }
public function testConvertSID2StrSuccess() { /** @dataProvider convertSID2StrSuccessData */
public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); list($lw, $con, $um) = $this->getConnecterAndLdapMock();
$access = new Access($con, $lw, $um); $access = new Access($con, $lw, $um);
if(!function_exists('\bcadd')) { $sidBinary = implode('', $sidArray);
$this->markTestSkipped('bcmath not available'); $this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
} }
$sidBinary = file_get_contents(__DIR__ . '/data/sid.dat'); public function convertSID2StrSuccessData() {
$sidExpected = 'S-1-5-21-249921958-728525901-1594176202'; return array(
array(
$this->assertSame($sidExpected, $access->convertSID2Str($sidBinary)); array(
"\x01",
"\x04",
"\x00\x00\x00\x00\x00\x05",
"\x15\x00\x00\x00",
"\xa6\x81\xe5\x0e",
"\x4d\x6c\x6c\x2b",
"\xca\x32\x05\x5f",
),
'S-1-5-21-249921958-728525901-1594176202',
),
array(
array(
"\x01",
"\x02",
"\xFF\xFF\xFF\xFF\xFF\xFF",
"\xFF\xFF\xFF\xFF",
"\xFF\xFF\xFF\xFF",
),
'S-1-281474976710655-4294967295-4294967295',
),
);
} }
public function testConvertSID2StrInputError() { public function testConvertSID2StrInputError() {
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); list($lw, $con, $um) = $this->getConnecterAndLdapMock();
$access = new Access($con, $lw, $um); $access = new Access($con, $lw, $um);
if(!function_exists('\bcadd')) {
$this->markTestSkipped('bcmath not available');
}
$sidIllegal = 'foobar'; $sidIllegal = 'foobar';
$sidExpected = ''; $sidExpected = '';
$this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal)); $this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal));
} }
public function testConvertSID2StrNoBCMath() {
if(function_exists('\bcadd')) {
$removed = false;
if(function_exists('runkit_function_remove')) {
$removed = !runkit_function_remove('\bcadd');
}
if(!$removed) {
$this->markTestSkipped('bcadd could not be removed for ' .
'testing without bcmath');
}
}
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
$access = new Access($con, $lw, $um);
$sidBinary = file_get_contents(__DIR__ . '/data/sid.dat');
$sidExpected = '';
$this->assertSame($sidExpected, $access->convertSID2Str($sidBinary));
}
public function testGetDomainDNFromDNSuccess() { public function testGetDomainDNFromDNSuccess() {
list($lw, $con, $um) = $this->getConnecterAndLdapMock(); list($lw, $con, $um) = $this->getConnecterAndLdapMock();
$access = new Access($con, $lw, $um); $access = new Access($con, $lw, $um);

BIN
apps/user_ldap/tests/data/sid.dat
View File

Binary file not shown.