author | Vincent Petry <pvince81@owncloud.com> | 2015-12-15 17:27:15 +0100 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2015-12-15 17:27:15 +0100 |
commit | 4d1bee93081f7e642d70c42958487e62c98e1abd (patch) | |
tree | db54e766ebb213b58e69e639875e33a05c0712c5 | |
parent | cc79334accd3ae2c3514124673d2bf3e841c900e (diff) | |
parent | 89fdca7748961bd88ddbb975566185d5690a6e67 (diff) | |
Merge pull request #21208 from owncloud/stable8-backport-16961
[stable8] Hardening home folder retrieval in user_ldap
-rw-r--r-- | apps/user_ldap/appinfo/update.php | 27 | ||||
-rw-r--r-- | apps/user_ldap/appinfo/version | 2 | ||||
-rw-r--r-- | apps/user_ldap/user_ldap.php | 7 |
3 files changed, 34 insertions, 2 deletions
diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php
new file mode 100644
index 00000000000..64ef0a16a3c
--- /dev/null
+++ b/apps/user_ldap/appinfo/update.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * @author Morris Jobke <hey@morrisjobke.de>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+$config = \OC::$server->getConfig();
+$installedVersion = $config->getAppValue('user_ldap', 'installed_version');
+
+if (version_compare($installedVersion, '0.5.2', '<')) {
+ $config->setAppValue('user_ldap', 'enforce_home_folder_naming_rule', false);
+}
diff --git a/apps/user_ldap/appinfo/version b/apps/user_ldap/appinfo/version
index 4b9fcbec101..cb0c939a936 100644
--- a/apps/user_ldap/appinfo/version
+++ b/apps/user_ldap/appinfo/version
@@ -1 +1 @@
-0.5.1
+0.5.2
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 69c4af0ebbf..6f00ba13a77 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
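Review bot: Every instance that upgrades from a version below 0.5.2 has `enforce_home_folder_naming_rule` switched off by the new apps/user_ldap/appinfo/update.php, so the hardening in user_ldap.php only takes effect on fresh installs, and nothing in the script tells an administrator that. A comment above the `version_compare` block would make the opt-out visible, e.g. `// existing installs keep the old fallback; enable enforce_home_folder_naming_rule to get the strict behaviour`, ideally with a matching release-note entry. The value is also written as PHP `false`; storing the string `'0'` would make the persisted form explicit instead of depending on how the config layer casts booleans.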
@@ -262,7 +262,8 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 if($this->access->connection->isCached($cacheKey)) {
 return $this->access->connection->getFromCache($cacheKey);
 }
- if(strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0) {
+ if(strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0 &&
+ $this->access->connection->homeFolderNamingRule !== 'attr:') {
 $attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
 $homedir = $this->access->readAttribute(
 $this->access->username2dn($uid), $attr);
@@ -289,6 +290,10 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 //TODO: if home directory changes, the old one needs to be removed.
 return $homedir;
 }
+ if($this->ocConfig->getAppValue('user_ldap', 'enforce_home_folder_naming_rule', true)) {
+ // a naming rule attribute is defined, but it doesn't exist for that LDAP user
+ throw new \Exception('Home dir attribute can\'t be read from LDAP for uid: ' . $uid);
+ }
 }
 //false will apply default behaviour as defined and done by OC_User |
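Review bot: The new `!== 'attr:'` guard in the first user_ldap.php hunk treats a bare `attr:` rule as "no rule configured", so such a setting skips this block and, as far as the two hunks show, the enforcement added further down as well. That intent deserves a comment on the condition, e.g. `// 'attr:' without an attribute name means no naming rule is set`. Reading the rule once into a local, `$rule = $this->access->connection->homeFolderNamingRule;`, would also replace the three repeated property chains. The enclosing method starts and ends outside the hunk.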
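Review bot: The enforcement check in the second user_ldap.php hunk relies on plain truthiness of the `getAppValue(...)` result, so if stored values come back as strings, only `''` or `'0'` turns it off and any other value, including a string such as `'false'`, keeps it on. Failing closed is a sensible default for a hardening flag, but it should be stated next to the check, e.g. `// any stored value other than '' or '0' keeps enforcement on`. The throw also uses a bare `\Exception`, which callers cannot tell apart from unrelated failures; a dedicated exception class, or a log entry just before the throw, would help operators find accounts that lack the attribute. The method body continues outside the hunk.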