diff options
author | Morris Jobke <hey@morrisjobke.de> | 2017-01-26 01:15:43 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-26 01:15:43 -0600 |
commit | 3a603ab8b421b306373e06b9d1210e6013093a99 (patch) | |
tree | 930f698009db34ffd6459b766e86a5192cbd2193 /apps | |
parent | e7523b07bd9d17de22248c4993eb9c7a2eda2827 (diff) | |
parent | 03ae7b654f62a37cc3fd637ab4f971128163f22a (diff) | |
download | nextcloud-server-3a603ab8b421b306373e06b9d1210e6013093a99.tar.gz nextcloud-server-3a603ab8b421b306373e06b9d1210e6013093a99.zip |
Merge pull request #3264 from nextcloud/ldap-deny-long-dns
Gracefully deny users or groups with too long DNs
Diffstat (limited to 'apps')
-rw-r--r-- | apps/user_ldap/lib/Access.php | 3 | ||||
-rw-r--r-- | apps/user_ldap/lib/Mapping/AbstractMapping.php | 11 | ||||
-rw-r--r-- | apps/user_ldap/tests/Mapping/AbstractMappingTest.php | 3 |
3 files changed, 16 insertions, 1 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index cace64a7deb..9f6639c0db0 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -678,6 +678,9 @@ class Access extends LDAPUtility implements IUserTools { */ public function cacheUserDisplayName($ocName, $displayName, $displayName2 = '') { $user = $this->userManager->get($ocName); + if($user === null) { + return; + } $displayName = $user->composeAndStoreDisplayName($displayName, $displayName2); $cacheKeyTrunk = 'getDisplayName'; $this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName); diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php index 8e7f1f8b137..6fb4a5436c3 100644 --- a/apps/user_ldap/lib/Mapping/AbstractMapping.php +++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php @@ -209,6 +209,17 @@ abstract class AbstractMapping { * @return bool */ public function map($fdn, $name, $uuid) { + if(mb_strlen($fdn) > 255) { + \OC::$server->getLogger()->error( + 'Cannot map, because the DN exceeds 255 characters: {dn}', + [ + 'app' => 'user_ldap', + 'dn' => $fdn, + ] + ); + return false; + } + $row = array( 'ldap_dn' => $fdn, 'owncloud_name' => $name, diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php index 91013085c2c..5c3474d9ad2 100644 --- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php +++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php @@ -106,7 +106,8 @@ abstract class AbstractMappingTest extends \Test\TestCase { list($mapper, $data) = $this->initTest(); // test that mapping will not happen when it shall not - $paramKeys = array('', 'dn', 'name', 'uuid'); + $tooLongDN = 'uid=joann,ou=Secret Small Specialized Department,ou=Some Tremendously Important Department,ou=Another Very Important Department,ou=Pretty Meaningful Derpartment,ou=Quite Broad And General Department,ou=The Topmost Department,dc=hugelysuccessfulcompany,dc=com'; + $paramKeys = array('', 'dn', 'name', 'uuid', $tooLongDN); foreach($paramKeys as $key) { $failEntry = $data[0]; if(!empty($key)) { |