authorblizzz <blizzz@owncloud.com>2014-08-18 19:24:41 +0200
committerblizzz <blizzz@owncloud.com>2014-08-18 19:24:41 +0200
commit8f7676c762ce4a6d2db852693060cd672b05121b (patch)
tree0ccc3c1a9681fd627d8bcdecfa85082266f9e88b
parenta820df71ee5832c5090a20589b2365904402a037 (diff)
parent97fd39e983645bf743f8abd5c05bfe619f859690 (diff)
downloadnextcloud-server-8f7676c762ce4a6d2db852693060cd672b05121b.tar.gz
nextcloud-server-8f7676c762ce4a6d2db852693060cd672b05121b.zip
Merge pull request #10340 from owncloud/fix-9887
better check whether string resembles a DN, fixes #9887
-rw-r--r--apps/user_ldap/lib/access.php12
-rw-r--r--apps/user_ldap/lib/user/iusertools.php2
-rw-r--r--apps/user_ldap/lib/user/manager.php3
-rw-r--r--apps/user_ldap/tests/access.php57
-rw-r--r--apps/user_ldap/tests/user/manager.php47
-rw-r--r--apps/user_ldap/tests/user_ldap.php5
6 files changed, 124 insertions, 2 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 23ba4253ed3..570f445650d 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -141,6 +141,18 @@ class Access extends LDAPUtility implements user\IUserTools {
}
/**
+ * checks whether the given string is probably a DN
+ * @param string $string
+ * @return boolean
+ */
+ public function stringResemblesDN($string) {
+ $r = $this->ldap->explodeDN($string, 0);
+ // if exploding a DN succeeds and does not end up in
+ // an empty array except for $r[count] being 0.
+ return (is_array($r) && count($r) > 1);
+ }
+
+ /**
* sanitizes a DN received from the LDAP server
* @param array $dn the DN in question
* @return array the sanitized DN
diff --git a/apps/user_ldap/lib/user/iusertools.php b/apps/user_ldap/lib/user/iusertools.php
index e409f3afed3..bbc678153de 100644
--- a/apps/user_ldap/lib/user/iusertools.php
+++ b/apps/user_ldap/lib/user/iusertools.php
@@ -33,6 +33,8 @@ interface IUserTools {
public function readAttribute($dn, $attr, $filter = 'objectClass=*');
+ public function stringResemblesDN($string);
+
public function dn2username($dn, $ldapname = null);
public function username2dn($name);
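Review bot: The new `stringResemblesDN($string)` declaration carries no docblock, so the only statement of its contract is on the `Access` implementation. Since `Manager::get` now branches on this result, a short docblock here would help, with `@param string $string`, `@return bool` and the sentence `true if the string can be parsed as a DN (syntax only)`. The neighbouring declarations in this hunk are undocumented too, so this may follow the file's existing convention.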
diff --git a/apps/user_ldap/lib/user/manager.php b/apps/user_ldap/lib/user/manager.php
index 0f17900b5f3..0ed3d09c48f 100644
--- a/apps/user_ldap/lib/user/manager.php
+++ b/apps/user_ldap/lib/user/manager.php
@@ -143,8 +143,7 @@ class Manager {
return $this->users['byUid'][$id];
}
- if(strpos(mb_strtolower($id, 'UTF-8'), 'dc=') === false
- && strpos(mb_strtolower($id, 'UTF-8'), 'uid=') === false ) {
+ if(!$this->access->stringResemblesDN($id) ) {
//most likely a uid
$dn = $this->access->username2dn($id);
if($dn !== false) {
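Review bot: The `if(!$this->access->stringResemblesDN($id) )` guard now sends every parsable `attr=value` string down the DN branch, where the removed check only did so for ids containing `dc=` or `uid=`. If `$id` can originate from a login form, a user name that contains `=` would no longer reach `username2dn`. The DN branch is outside this hunk, so please confirm it rejects DNs that are not below the configured base (or are unknown to the mapping) rather than relying on this predicate. A why-comment on the condition such as `// syntax check only; the DN branch below must still validate the DN` would make that dependency explicit. A test for an id like `a=b` that is meant to be a uid would pin the intended behaviour.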
diff --git a/apps/user_ldap/tests/access.php b/apps/user_ldap/tests/access.php
index e77aad769d4..f436784675d 100644
--- a/apps/user_ldap/tests/access.php
+++ b/apps/user_ldap/tests/access.php
@@ -156,4 +156,61 @@ class Test_Access extends \PHPUnit_Framework_TestCase {
$this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
}
+
+ private function getResemblesDNInputData() {
+ return $cases = array(
+ array(
+ 'input' => 'foo=bar,bar=foo,dc=foobar',
+ 'interResult' => array(
+ 'count' => 3,
+ 0 => 'foo=bar',
+ 1 => 'bar=foo',
+ 2 => 'dc=foobar'
+ ),
+ 'expectedResult' => true
+ ),
+ array(
+ 'input' => 'foobarbarfoodcfoobar',
+ 'interResult' => false,
+ 'expectedResult' => false
+ )
+ );
+ }
+
+ public function testStringResemblesDN() {
+ list($lw, $con, $um) = $this->getConnecterAndLdapMock();
+ $access = new Access($con, $lw, $um);
+
+ $cases = $this->getResemblesDNInputData();
+
+ $lw->expects($this->exactly(2))
+ ->method('explodeDN')
+ ->will($this->returnCallback(function ($dn) use ($cases) {
+ foreach($cases as $case) {
+ if($dn === $case['input']) {
+ return $case['interResult'];
+ }
+ }
+ }));
+
+ foreach($cases as $case) {
+ $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
+ }
+ }
+
+ public function testStringResemblesDNLDAPmod() {
+ list($lw, $con, $um) = $this->getConnecterAndLdapMock();
+ $lw = new \OCA\user_ldap\lib\LDAP();
+ $access = new Access($con, $lw, $um);
+
+ if(!function_exists('ldap_explode_dn')) {
+ $this->markTestSkipped('LDAP Module not available');
+ }
+
+ $cases = $this->getResemblesDNInputData();
+
+ foreach($cases as $case) {
+ $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
+ }
+ }
}
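Review bot: The data in `getResemblesDNInputData` never exercises the boundary that `count($r) > 1` exists for. The comment in `stringResemblesDN` describes an `explodeDN` result that holds only `count => 0`, yet no case feeds that in, and no case covers a DN without `dc=` or `uid=`, which the old `strpos` check misclassified. Adding both means `exactly(2)` should become `exactly(count($cases))`, as sketched below; the expected result for the empty string under the real `ldap_explode_dn` should be confirmed. Two smaller points: `return $cases = array(` assigns a local that is never used. In `testStringResemblesDNLDAPmod`, the `function_exists('ldap_explode_dn')` skip check would be better placed before `new \OCA\user_ldap\lib\LDAP()`.

```php
	private function getResemblesDNInputData() {
		return array(
			// … unchanged: the two existing cases …
			array(
				// DN without dc= or uid=
				'input' => 'ab=cde,f=ghei,mno=pq',
				'interResult' => array(
					'count' => 3,
					0 => 'ab=cde',
					1 => 'f=ghei',
					2 => 'mno=pq'
				),
				'expectedResult' => true
			),
			array(
				// boundary described in stringResemblesDN's comment
				'input' => '',
				'interResult' => array('count' => 0),
				'expectedResult' => false
			)
		);
	}

	// … in testStringResemblesDN, unchanged: mock setup …
		$lw->expects($this->exactly(count($cases)))
```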
diff --git a/apps/user_ldap/tests/user/manager.php b/apps/user_ldap/tests/user/manager.php
index 7599980ff9a..7d687867213 100644
--- a/apps/user_ldap/tests/user/manager.php
+++ b/apps/user_ldap/tests/user/manager.php
@@ -44,6 +44,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
$inputDN = 'cn=foo,dc=foobar,dc=bar';
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
+ $access->expects($this->once())
+ ->method('stringResemblesDN')
+ ->with($this->equalTo($inputDN))
+ ->will($this->returnValue(true));
+
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
@@ -66,6 +71,38 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
$inputDN = 'uid=foo,o=foobar,c=bar';
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
+ $access->expects($this->once())
+ ->method('stringResemblesDN')
+ ->with($this->equalTo($inputDN))
+ ->will($this->returnValue(true));
+
+ $access->expects($this->once())
+ ->method('dn2username')
+ ->with($this->equalTo($inputDN))
+ ->will($this->returnValue($uid));
+
+ $access->expects($this->never())
+ ->method('username2dn');
+
+ $manager = new Manager($config, $filesys, $log, $avaMgr, $image);
+ $manager->setLdapAccess($access);
+ $user = $manager->get($inputDN);
+
+ $this->assertInstanceOf('\OCA\user_ldap\lib\user\User', $user);
+ }
+
+ public function testGetByExoticDN() {
+ list($access, $config, $filesys, $image, $log, $avaMgr) =
+ $this->getTestInstances();
+
+ $inputDN = 'ab=cde,f=ghei,mno=pq';
+ $uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
+
+ $access->expects($this->once())
+ ->method('stringResemblesDN')
+ ->with($this->equalTo($inputDN))
+ ->will($this->returnValue(true));
+
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
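Review bot: `testGetByExoticDN` stubs `stringResemblesDN` to return true, so `'ab=cde,f=ghei,mno=pq'` is never passed to a real or mocked `explodeDN` here. The test therefore proves only that `Manager::get` follows the stub, not that such a DN is recognised. The same holds for the stubs added in the other hunks of this file. A comment above the expectation, e.g. `// DN detection itself is covered in tests/access.php; this only checks routing`, would make the scope clear, provided the access test data actually includes this DN. The three get-by-DN tests now differ only in `$inputDN` and could share a data provider. The body of `testGetByExoticDN` continues outside this hunk.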
@@ -87,6 +124,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
$inputDN = 'cn=gone,dc=foobar,dc=bar';
+ $access->expects($this->once())
+ ->method('stringResemblesDN')
+ ->with($this->equalTo($inputDN))
+ ->will($this->returnValue(true));
+
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
@@ -119,6 +161,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
->with($this->equalTo($uid))
->will($this->returnValue($dn));
+ $access->expects($this->once())
+ ->method('stringResemblesDN')
+ ->with($this->equalTo($uid))
+ ->will($this->returnValue(false));
+
$manager = new Manager($config, $filesys, $log, $avaMgr, $image);
$manager->setLdapAccess($access);
$user = $manager->get($uid);
diff --git a/apps/user_ldap/tests/user_ldap.php b/apps/user_ldap/tests/user_ldap.php
index 8787e023655..e51f6cb5bb9 100644
--- a/apps/user_ldap/tests/user_ldap.php
+++ b/apps/user_ldap/tests/user_ldap.php
@@ -131,6 +131,11 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
->will($this->returnValue('gunslinger'));
$access->expects($this->any())
+ ->method('stringResemblesDN')
+ ->with($this->equalTo('dnOfRoland,dc=test'))
+ ->will($this->returnValue(true));
+
+ $access->expects($this->any())
->method('areCredentialsValid')
->will($this->returnCallback(function($dn, $pwd) {
if($pwd === 'dt19') {
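Review bot: The stub returns true for `'dnOfRoland,dc=test'`, a string whose first component has no `attr=value` form, so a real `explodeDN` would probably reject it and the fixture no longer mirrors production behaviour. Combining `expects($this->any())` with `->with($this->equalTo('dnOfRoland,dc=test'))` also makes any call with a different argument fail the expectation, which may surprise later tests that reuse this setup. Consider a well-formed fixture DN, or drop the `with()` constraint and add a comment such as `// fixture DN is not syntactically valid; the stub forces the DN branch`. The callback for `areCredentialsValid` continues outside this hunk.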