diff options
| author | Arthur Schiwon <blizzz@owncloud.com> | 2012-11-20 13:15:02 +0100 |
|---|---|---|
| committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-11-21 19:28:29 +0100 |
| commit | aebd4fd32d9f4bfaadee187f9aaabe9933a84b8d (patch) | |
| tree | ea2fa8296600c791b75da641ddeed3a1aeb7261d | |
| parent | 42f235123e2069be53a1ec134dfdda2d678c8f9b (diff) | |
| download | nextcloud-server-aebd4fd32d9f4bfaadee187f9aaabe9933a84b8d.tar.gz nextcloud-server-aebd4fd32d9f4bfaadee187f9aaabe9933a84b8d.zip | |
port dd694b5 from stable45
| -rw-r--r-- | apps/user_ldap/lib/access.php | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 2273caec02c..e0c6741bcb2 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -58,6 +58,7 @@ abstract class Access { return false; } $rr = @ldap_read($cr, $dn, $filter, array($attr)); + $dn = $dn = str_replace('\\5c', '\\', $dn); if(!is_resource($rr)) { \OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG); //in case an error occurs , e.g. object does not exist @@ -119,18 +120,13 @@ abstract class Access { //make comparisons and everything work $dn = mb_strtolower($dn, 'UTF-8'); - //escape DN values according to RFC 2253 - //thanks to Kolab, http://git.kolab.org/pear/Net_LDAP3/tree/lib/Net/LDAP3.php#n1313 + //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn + //to use the DN in search filters, \ needs to be escaped to \5c additionally + //to use them in bases, we convert them back to simple backslashes in readAttribute() $aDN = ldap_explode_dn($dn, false); unset($aDN['count']); - foreach($aDN as $key => $part) { - $value = substr($part, strpos($part, '=')+1); - $escapedValue = strtr($value, Array(','=>'\2c', '='=>'\3d', '+'=>'\2b', - '<'=>'\3c', '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c', - '"'=>'\22', '#'=>'\23')); - $part = str_replace($part, $value, $escapedValue); - } $dn = implode(',', $aDN); + $dn = str_replace('\\', '\\5c', $dn); return $dn; } @@ -240,7 +236,6 @@ abstract class Access { * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN */ public function dn2ocname($dn, $ldapname = null, $isUser = true) { - $dn = $this->sanitizeDN($dn); $table = $this->getMapTable($isUser); if($isUser) { $fncFindMappedName = 'findMappedUser'; @@ -437,7 +432,6 @@ abstract class Access { */ private function mapComponent($dn, $ocname, $isUser = true) { $table = $this->getMapTable($isUser); - $dn = $this->sanitizeDN($dn); $sqlAdjustment = ''; $dbtype = \OCP\Config::getSystemValue('dbtype'); @@ -732,6 +726,7 @@ abstract class Access { public function getUUID($dn) { if($this->detectUuidAttribute($dn)) { + \OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG); $uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute); if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) { $this->detectUuidAttribute($dn, true); |