better check whether string resembles a DN, fixes #9887
parent
13d44f8f7f
commit
fc6793f2ae
|
@ -140,6 +140,18 @@ class Access extends LDAPUtility implements user\IUserTools {
|
||||||
return in_array($attr, $resemblingAttributes);
|
return in_array($attr, $resemblingAttributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* checks whether the given string is probably a DN
|
||||||
|
* @param string $string
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function stringResemblesDN($string) {
|
||||||
|
$r = $this->ldap->explodeDN($string, 0);
|
||||||
|
// if exploding a DN succeeds and does not end up in
|
||||||
|
// an empty array except for $r[count] being 0.
|
||||||
|
return (is_array($r) && count($r) > 1);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* sanitizes a DN received from the LDAP server
|
* sanitizes a DN received from the LDAP server
|
||||||
* @param array $dn the DN in question
|
* @param array $dn the DN in question
|
||||||
|
|
|
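Review bot: The docblock on `stringResemblesDN` does not say that the check is purely syntactic, and the inline comment above the `return` is a sentence fragment. Going by the mocked results in the tests on this page, `explodeDN` yields `false` on failure or an array holding `count` plus one entry per RDN, so a single `attr=value` string would already satisfy `count($r) > 1`. I would reword the summary to `* checks whether the given string parses as a DN (syntax only; the entry need not exist or lie below the configured base)` and the comment to `// explodeDN yields false on failure, otherwise 'count' plus one element per RDN`. Callers that branch on the result should not read `true` as proof that the value came from the directory.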
@ -33,6 +33,8 @@ interface IUserTools {
|
||||||
|
|
||||||
public function readAttribute($dn, $attr, $filter = 'objectClass=*');
|
public function readAttribute($dn, $attr, $filter = 'objectClass=*');
|
||||||
|
|
||||||
|
public function stringResemblesDN($string);
|
||||||
|
|
||||||
public function dn2username($dn, $ldapname = null);
|
public function dn2username($dn, $ldapname = null);
|
||||||
|
|
||||||
public function username2dn($name);
|
public function username2dn($name);
|
||||||
|
|
|
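Review bot: `stringResemblesDN($string)` is added to `IUserTools` without a docblock, so implementers have no stated contract for the return type or for what counts as a DN. A short comment such as `/** @param string $string @return bool true if $string parses as a DN (syntax check only) */` would cover it. Adding a method to an interface also breaks any other class that implements `IUserTools`. Only `Access` is visible on this page, so that is worth confirming before merge.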
@ -143,8 +143,7 @@ class Manager {
|
||||||
return $this->users['byUid'][$id];
|
return $this->users['byUid'][$id];
|
||||||
}
|
}
|
||||||
|
|
||||||
if(strpos(mb_strtolower($id, 'UTF-8'), 'dc=') === false
|
if(!$this->access->stringResemblesDN($id) ) {
|
||||||
&& strpos(mb_strtolower($id, 'UTF-8'), 'uid=') === false ) {
|
|
||||||
//most likely a uid
|
//most likely a uid
|
||||||
$dn = $this->access->username2dn($id);
|
$dn = $this->access->username2dn($id);
|
||||||
if($dn !== false) {
|
if($dn !== false) {
|
||||||
|
|
|
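Review bot: With `if(!$this->access->stringResemblesDN($id) ) {`, any id that parses as a DN now skips the `username2dn` lookup. That presumably includes login names that merely contain `=`, not only ids containing `dc=` or `uid=` as before. The method body continues outside the hunk, so a fallback may already exist. If it does not, the DN branch should fall back to the uid lookup when `dn2username` fails, and the DN should be checked against the configured base before it is trusted. The stray space in `($id) )` can also go.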
@ -156,4 +156,80 @@ class Test_Access extends \PHPUnit_Framework_TestCase {
|
||||||
|
|
||||||
$this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
|
$this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function stringResemblesDNYes() {
|
||||||
|
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
|
||||||
|
$access = new Access($con, $lw, $um);
|
||||||
|
|
||||||
|
$input = 'foo=bar,bar=foo,dc=foobar';
|
||||||
|
$interResult = array(
|
||||||
|
'count' => 3,
|
||||||
|
0 => 'foo=bar',
|
||||||
|
1 => 'bar=foo',
|
||||||
|
2 => 'dc=foobar'
|
||||||
|
);
|
||||||
|
|
||||||
|
$lw->expects($this->once())
|
||||||
|
->method('explodeDN')
|
||||||
|
->will($this->returnValue($interResult));
|
||||||
|
|
||||||
|
$this->assertTrue($access->stringResemblesDN($input));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function stringResemblesDNYesLDAPmod() {
|
||||||
|
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
|
||||||
|
$lw = new \OCA\user_ldap\lib\LDAP();
|
||||||
|
$access = new Access($con, $lw, $um);
|
||||||
|
|
||||||
|
if(!function_exists('ldap_explode_dn')) {
|
||||||
|
$this->markTestSkipped('LDAP Module not available');
|
||||||
|
}
|
||||||
|
|
||||||
|
$input = 'foo=bar,bar=foo,dc=foobar';
|
||||||
|
$interResult = array(
|
||||||
|
'count' => 3,
|
||||||
|
0 => 'foo=bar',
|
||||||
|
1 => 'bar=foo',
|
||||||
|
2 => 'dc=foobar'
|
||||||
|
);
|
||||||
|
|
||||||
|
$lw->expects($this->once())
|
||||||
|
->method('explodeDN')
|
||||||
|
->will($this->returnValue($interResult));
|
||||||
|
|
||||||
|
$this->assertTrue($access->stringResemblesDN($input));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function stringResemblesDNNo() {
|
||||||
|
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
|
||||||
|
$access = new Access($con, $lw, $um);
|
||||||
|
|
||||||
|
$input = 'foobarbarfoodcfoobar';
|
||||||
|
$interResult = false;
|
||||||
|
|
||||||
|
$lw->expects($this->once())
|
||||||
|
->method('explodeDN')
|
||||||
|
->will($this->returnValue($interResult));
|
||||||
|
|
||||||
|
$this->assertFalse($access->stringResemblesDN($input));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function stringResemblesDNNoLDAPMod() {
|
||||||
|
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
|
||||||
|
$lw = new \OCA\user_ldap\lib\LDAP();
|
||||||
|
$access = new Access($con, $lw, $um);
|
||||||
|
|
||||||
|
if(!function_exists('ldap_explode_dn')) {
|
||||||
|
$this->markTestSkipped('LDAP Module not available');
|
||||||
|
}
|
||||||
|
|
||||||
|
$input = 'foobarbarfoodcfoobar';
|
||||||
|
$interResult = false;
|
||||||
|
|
||||||
|
$lw->expects($this->once())
|
||||||
|
->method('explodeDN')
|
||||||
|
->will($this->returnValue($interResult));
|
||||||
|
|
||||||
|
$this->assertFalse($access->stringResemblesDN($input));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
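Review bot: None of the four new methods would be picked up by PHPUnit as written, because their names (`stringResemblesDNYes` and the others) lack the `test` prefix and no `@test` annotation is visible in the hunk. Rename them, e.g. `public function testStringResemblesDNYes() {`. In the two `LDAPmod` variants `$lw` is replaced by a real `\OCA\user_ldap\lib\LDAP` instance and `$lw->expects(...)` is then called on it. That is a mock-only method, so those tests would fail as soon as they run. Drop the `expects` chain and `$interResult` there and let the real wrapper parse `$input`. The `function_exists('ldap_explode_dn')` skip should also move above the `new \OCA\user_ldap\lib\LDAP()` line.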
@ -44,6 +44,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
|
||||||
$inputDN = 'cn=foo,dc=foobar,dc=bar';
|
$inputDN = 'cn=foo,dc=foobar,dc=bar';
|
||||||
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
|
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
|
||||||
|
|
||||||
|
$access->expects($this->once())
|
||||||
|
->method('stringResemblesDN')
|
||||||
|
->with($this->equalTo($inputDN))
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
|
||||||
$access->expects($this->once())
|
$access->expects($this->once())
|
||||||
->method('dn2username')
|
->method('dn2username')
|
||||||
->with($this->equalTo($inputDN))
|
->with($this->equalTo($inputDN))
|
||||||
|
@ -66,6 +71,38 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
|
||||||
$inputDN = 'uid=foo,o=foobar,c=bar';
|
$inputDN = 'uid=foo,o=foobar,c=bar';
|
||||||
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
|
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
|
||||||
|
|
||||||
|
$access->expects($this->once())
|
||||||
|
->method('stringResemblesDN')
|
||||||
|
->with($this->equalTo($inputDN))
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
|
||||||
|
$access->expects($this->once())
|
||||||
|
->method('dn2username')
|
||||||
|
->with($this->equalTo($inputDN))
|
||||||
|
->will($this->returnValue($uid));
|
||||||
|
|
||||||
|
$access->expects($this->never())
|
||||||
|
->method('username2dn');
|
||||||
|
|
||||||
|
$manager = new Manager($config, $filesys, $log, $avaMgr, $image);
|
||||||
|
$manager->setLdapAccess($access);
|
||||||
|
$user = $manager->get($inputDN);
|
||||||
|
|
||||||
|
$this->assertInstanceOf('\OCA\user_ldap\lib\user\User', $user);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetByExoticDN() {
|
||||||
|
list($access, $config, $filesys, $image, $log, $avaMgr) =
|
||||||
|
$this->getTestInstances();
|
||||||
|
|
||||||
|
$inputDN = 'ab=cde,f=ghei,mno=pq';
|
||||||
|
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
|
||||||
|
|
||||||
|
$access->expects($this->once())
|
||||||
|
->method('stringResemblesDN')
|
||||||
|
->with($this->equalTo($inputDN))
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
|
||||||
$access->expects($this->once())
|
$access->expects($this->once())
|
||||||
->method('dn2username')
|
->method('dn2username')
|
||||||
->with($this->equalTo($inputDN))
|
->with($this->equalTo($inputDN))
|
||||||
|
@ -87,6 +124,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
|
||||||
|
|
||||||
$inputDN = 'cn=gone,dc=foobar,dc=bar';
|
$inputDN = 'cn=gone,dc=foobar,dc=bar';
|
||||||
|
|
||||||
|
$access->expects($this->once())
|
||||||
|
->method('stringResemblesDN')
|
||||||
|
->with($this->equalTo($inputDN))
|
||||||
|
->will($this->returnValue(true));
|
||||||
|
|
||||||
$access->expects($this->once())
|
$access->expects($this->once())
|
||||||
->method('dn2username')
|
->method('dn2username')
|
||||||
->with($this->equalTo($inputDN))
|
->with($this->equalTo($inputDN))
|
||||||
|
@ -119,6 +161,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
|
||||||
->with($this->equalTo($uid))
|
->with($this->equalTo($uid))
|
||||||
->will($this->returnValue($dn));
|
->will($this->returnValue($dn));
|
||||||
|
|
||||||
|
$access->expects($this->once())
|
||||||
|
->method('stringResemblesDN')
|
||||||
|
->with($this->equalTo($uid))
|
||||||
|
->will($this->returnValue(false));
|
||||||
|
|
||||||
$manager = new Manager($config, $filesys, $log, $avaMgr, $image);
|
$manager = new Manager($config, $filesys, $log, $avaMgr, $image);
|
||||||
$manager->setLdapAccess($access);
|
$manager->setLdapAccess($access);
|
||||||
$user = $manager->get($uid);
|
$user = $manager->get($uid);
|
||||||
|
|