diff options
author | blizzz <blizzz@owncloud.com> | 2014-11-03 14:03:26 +0100 |
---|---|---|
committer | blizzz <blizzz@owncloud.com> | 2014-11-03 14:03:26 +0100 |
commit | dc9ea893fd89bcabce922ba626c6953cd5a1fbef (patch) | |
tree | e0e4717cdf9dfc17f35d8a3e1e00694e6426013f | |
parent | 79b650a0238089a935073c1ebe7e33fd7a0c52a4 (diff) | |
parent | d1410b46a9822aefc6547db95add1c1f7fa1f617 (diff) | |
download | nextcloud-server-dc9ea893fd89bcabce922ba626c6953cd5a1fbef.tar.gz nextcloud-server-dc9ea893fd89bcabce922ba626c6953cd5a1fbef.zip |
Merge pull request #11172 from owncloud/user-ldap-no-bcmath
Fix ldap convertSID2Str() / Remove BCMath dependency
-rw-r--r-- | apps/user_ldap/lib/access.php | 48 | ||||
-rw-r--r-- | apps/user_ldap/tests/access.php | 63 | ||||
-rw-r--r-- | apps/user_ldap/tests/data/sid.dat | bin | 24 -> 0 bytes |
3 files changed, 57 insertions, 54 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 44162e32d47..12c6f8118d3 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -1316,32 +1316,38 @@ class Access extends LDAPUtility implements user\IUserTools { * converts a binary SID into a string representation * @param string $sid * @return string - * @link http://blogs.freebsdish.org/tmclaugh/2010/07/21/finding-a-users-primary-group-in-ad/#comment-2855 */ public function convertSID2Str($sid) { - try { - if(!function_exists('bcadd')) { - \OCP\Util::writeLog('user_ldap', - 'You need to install bcmath module for PHP to have support ' . - 'for AD primary groups', \OCP\Util::WARN); - throw new \Exception('missing bcmath module'); - } - $srl = ord($sid[0]); - $numberSubID = ord($sid[1]); - $x = substr($sid, 2, 6); - $h = unpack('N', "\x0\x0" . substr($x,0,2)); - $l = unpack('N', substr($x,2,6)); - $iav = bcadd(bcmul($h[1], bcpow(2,32)), $l[1]); - $subIDs = array(); - for ($i=0; $i<$numberSubID; $i++) { - $subID = unpack('V', substr($sid, 8+4*$i, 4)); - $subIDs[] = $subID[1]; - } - } catch (\Exception $e) { + // The format of a SID binary string is as follows: + // 1 byte for the revision level + // 1 byte for the number n of variable sub-ids + // 6 bytes for identifier authority value + // n*4 bytes for n sub-ids + // + // Example: 010400000000000515000000a681e50e4d6c6c2bca32055f + // Legend: RRNNAAAAAAAAAAAA11111111222222223333333344444444 + $revision = ord($sid[0]); + $numberSubID = ord($sid[1]); + + $subIdStart = 8; // 1 + 1 + 6 + $subIdLength = 4; + if (strlen($sid) !== $subIdStart + $subIdLength * $numberSubID) { + // Incorrect number of bytes present. return ''; } - return sprintf('S-%d-%d-%s', $srl, $iav, implode('-', $subIDs)); + // 6 bytes = 48 bits can be represented using floats without loss of + // precision (see https://gist.github.com/bantu/886ac680b0aef5812f71) + $iav = number_format(hexdec(bin2hex(substr($sid, 2, 6))), 0, '', ''); + + $subIDs = array(); + for ($i = 0; $i < $numberSubID; $i++) { + $subID = unpack('V', substr($sid, $subIdStart + $subIdLength * $i, $subIdLength)); + $subIDs[] = sprintf('%u', $subID[1]); + } + + // Result for example above: S-1-5-21-249921958-728525901-1594176202 + return sprintf('S-%d-%s-%s', $revision, $iav, implode('-', $subIDs)); } /** diff --git a/apps/user_ldap/tests/access.php b/apps/user_ldap/tests/access.php index f436784675d..8ff39800808 100644 --- a/apps/user_ldap/tests/access.php +++ b/apps/user_ldap/tests/access.php @@ -78,55 +78,52 @@ class Test_Access extends \PHPUnit_Framework_TestCase { $this->assertTrue($expected === $access->escapeFilterPart($input)); } - public function testConvertSID2StrSuccess() { + /** @dataProvider convertSID2StrSuccessData */ + public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) { list($lw, $con, $um) = $this->getConnecterAndLdapMock(); $access = new Access($con, $lw, $um); - if(!function_exists('\bcadd')) { - $this->markTestSkipped('bcmath not available'); - } - - $sidBinary = file_get_contents(__DIR__ . '/data/sid.dat'); - $sidExpected = 'S-1-5-21-249921958-728525901-1594176202'; - + $sidBinary = implode('', $sidArray); $this->assertSame($sidExpected, $access->convertSID2Str($sidBinary)); } + public function convertSID2StrSuccessData() { + return array( + array( + array( + "\x01", + "\x04", + "\x00\x00\x00\x00\x00\x05", + "\x15\x00\x00\x00", + "\xa6\x81\xe5\x0e", + "\x4d\x6c\x6c\x2b", + "\xca\x32\x05\x5f", + ), + 'S-1-5-21-249921958-728525901-1594176202', + ), + array( + array( + "\x01", + "\x02", + "\xFF\xFF\xFF\xFF\xFF\xFF", + "\xFF\xFF\xFF\xFF", + "\xFF\xFF\xFF\xFF", + ), + 'S-1-281474976710655-4294967295-4294967295', + ), + ); + } + public function testConvertSID2StrInputError() { list($lw, $con, $um) = $this->getConnecterAndLdapMock(); $access = new Access($con, $lw, $um); - if(!function_exists('\bcadd')) { - $this->markTestSkipped('bcmath not available'); - } - $sidIllegal = 'foobar'; $sidExpected = ''; $this->assertSame($sidExpected, $access->convertSID2Str($sidIllegal)); } - public function testConvertSID2StrNoBCMath() { - if(function_exists('\bcadd')) { - $removed = false; - if(function_exists('runkit_function_remove')) { - $removed = !runkit_function_remove('\bcadd'); - } - if(!$removed) { - $this->markTestSkipped('bcadd could not be removed for ' . - 'testing without bcmath'); - } - } - - list($lw, $con, $um) = $this->getConnecterAndLdapMock(); - $access = new Access($con, $lw, $um); - - $sidBinary = file_get_contents(__DIR__ . '/data/sid.dat'); - $sidExpected = ''; - - $this->assertSame($sidExpected, $access->convertSID2Str($sidBinary)); - } - public function testGetDomainDNFromDNSuccess() { list($lw, $con, $um) = $this->getConnecterAndLdapMock(); $access = new Access($con, $lw, $um); diff --git a/apps/user_ldap/tests/data/sid.dat b/apps/user_ldap/tests/data/sid.dat Binary files differdeleted file mode 100644 index 3d500c6a872..00000000000 --- a/apps/user_ldap/tests/data/sid.dat +++ /dev/null |