diff options
author | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2017-01-25 17:10:51 +0100 |
---|---|---|
committer | Arthur Schiwon <blizzz@arthur-schiwon.de> | 2017-01-25 17:10:51 +0100 |
commit | 03ae7b654f62a37cc3fd637ab4f971128163f22a (patch) | |
tree | 0bfbbf63084192d3bce88690d97562c2dd404610 | |
parent | f469b3e9587e9eae2cce924241f90baa1da30b31 (diff) | |
download | nextcloud-server-03ae7b654f62a37cc3fd637ab4f971128163f22a.tar.gz nextcloud-server-03ae7b654f62a37cc3fd637ab4f971128163f22a.zip |
Gracefully deny users or groups with too long DNs
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
-rw-r--r-- | apps/user_ldap/lib/Access.php | 3 | ||||
-rw-r--r-- | apps/user_ldap/lib/Mapping/AbstractMapping.php | 11 | ||||
-rw-r--r-- | apps/user_ldap/tests/Mapping/AbstractMappingTest.php | 3 |
3 files changed, 16 insertions, 1 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index cace64a7deb..9f6639c0db0 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -678,6 +678,9 @@ class Access extends LDAPUtility implements IUserTools { */ public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') { $user = $this->userManager->get($ocName); + if($user === null) { + return; + } $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2); $cacheKeyTrunk = 'getDisplayName'; $this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName); diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php index 8e7f1f8b137..6fb4a5436c3 100644 --- a/apps/user_ldap/lib/Mapping/AbstractMapping.php +++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php @@ -209,6 +209,17 @@ abstract class AbstractMapping { * @return bool */ public function map($fdn, $name, $uuid) { + if(mb_strlen($fdn) > 255) { + \OC::$server->getLogger()->error( + 'Cannot map, because the DN exceeds 255 characters: {dn}', + [ + 'app' => 'user_ldap', + 'dn' => $fdn, + ] + ); + return false; + } + $row = array( 'ldap_dn' => $fdn, 'owncloud_name' => $name, diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php index 91013085c2c..5c3474d9ad2 100644 --- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php +++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php @@ -106,7 +106,8 @@ abstract class AbstractMappingTest extends \Test\TestCase { list($mapper, $data) = $this->initTest(); // test that mapping will not happen when it shall not - $paramKeys = array('', 'dn', 'name', 'uuid'); + $tooLongDN = 'uid=joann,ou=Secret Small Specialized Department,ou=Some Tremendously Important Department,ou=Another Very Important Department,ou=Pretty Meaningful Derpartment,ou=Quite Broad And General Department,ou=The Topmost Department,dc=hugelysuccessfulcompany,dc=com'; + $paramKeys = array('', 'dn', 'name', 'uuid', $tooLongDN); foreach($paramKeys as $key) { $failEntry = $data[0]; if(!empty($key)) { |