authorMorris Jobke <hey@morrisjobke.de>2017-01-26 01:15:43 -0600
committerGitHub <noreply@github.com>2017-01-26 01:15:43 -0600
commit3a603ab8b421b306373e06b9d1210e6013093a99 (patch)
tree930f698009db34ffd6459b766e86a5192cbd2193 /apps/user_ldap
parente7523b07bd9d17de22248c4993eb9c7a2eda2827 (diff)
parent03ae7b654f62a37cc3fd637ab4f971128163f22a (diff)
Merge pull request #3264 from nextcloud/ldap-deny-long-dns
Gracefully deny users or groups with too long DNs
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/lib/Access.php3
-rw-r--r--apps/user_ldap/lib/Mapping/AbstractMapping.php11
-rw-r--r--apps/user_ldap/tests/Mapping/AbstractMappingTest.php3
3 files changed, 16 insertions, 1 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index cace64a7deb..9f6639c0db0 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -678,6 +678,9 @@ class Access extends LDAPUtility implements IUserTools {
*/
public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') {
$user = $this->userManager->get($ocName);
+ if($user === null) {
+ return;
+ }
$displayName = $user->composeAndStoreDisplayName($displayName, $displayName2);
$cacheKeyTrunk = 'getDisplayName';
$this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
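Review bot: The new `if($user === null)` guard in cacheUserDisplayName returns without leaving any trace, so a display name that was never cached cannot be told apart from a successful call. A debug-level log line before the `return;` would help when diagnosing users that were denied, e.g. `\OC::$server->getLogger()->debug('No user object for {name}, display name not cached', ['app' => 'user_ldap', 'name' => $ocName]);`. The docblock begins outside this hunk; it should also state that the method does nothing when the user manager returns null.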
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index 8e7f1f8b137..6fb4a5436c3 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -209,6 +209,17 @@ abstract class AbstractMapping {
* @return bool
*/
public function map($fdn, $name, $uuid) {
+ if(mb_strlen($fdn) > 255) {
+ \OC::$server->getLogger()->error(
+ 'Cannot map, because the DN exceeds 255 characters: {dn}',
+ [
+ 'app' => 'user_ldap',
+ 'dn' => $fdn,
+ ]
+ );
+ return false;
+ }
+
$row = array(
'ldap_dn' => $fdn,
'owncloud_name' => $name,
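Review bot: The guard at the top of map() uses a bare `255` and calls mb_strlen() without an encoding, so the result depends on mbstring's configured internal encoding. Presumably 255 mirrors the width of the ldap_dn column, which is not visible in this hunk. Suggest `if(mb_strlen($fdn, 'UTF-8') > 255) {` with a comment naming the column the limit comes from. The rejected DN comes from the directory and is written to the log at full, unbounded length; logging a bounded form such as `'dn' => mb_substr($fdn, 0, 255, 'UTF-8'),` keeps log entries a predictable size. The body of map() continues outside the hunk.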
diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
index 91013085c2c..5c3474d9ad2 100644
--- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
+++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php
@@ -106,7 +106,8 @@ abstract class AbstractMappingTest extends \Test\TestCase {
list($mapper, $data) = $this->initTest();
// test that mapping will not happen when it shall not
- $paramKeys = array('', 'dn', 'name', 'uuid');
+ $tooLongDN = 'uid=joann,ou=Secret Small Specialized Department,ou=Some Tremendously Important Department,ou=Another Very Important Department,ou=Pretty Meaningful Derpartment,ou=Quite Broad And General Department,ou=The Topmost Department,dc=hugelysuccessfulcompany,dc=com';
+ $paramKeys = array('', 'dn', 'name', 'uuid', $tooLongDN);
foreach($paramKeys as $key) {
$failEntry = $data[0];
if(!empty($key)) {
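Review bot: `$tooLongDN` is appended to `$paramKeys`, whose other entries ('dn', 'name', 'uuid') are array keys of the test entry rather than values. The loop body continues outside this hunk, but if it assigns `$failEntry[$key] = …` as the `if(!empty($key))` suggests, the long string only becomes an extra key and the DN passed to `map()` stays `$data[0]['dn']`. In that case the new length check is never exercised and the assertion may pass for an unrelated reason. Consider a separate case that sets `$failEntry['dn'] = $tooLongDN;` before calling `map()` and asserts that it returns false.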