archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #44766 from nextcloud/backport/44350/stable27

Browse Source 
[stable27] fix(LDAP): escape DN on check-user
db-error-logging-27
Arthur Schiwon 2 months ago committed by GitHub
parent 0c56331611 ee59d6c7dc
commit c90389af6b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File

4
apps/user_ldap/lib/Access.php
Unescape Escape View File

@ -279,6 +279,8 @@ class Access extends LDAPUtility {
* Normalizes a result grom getAttributes(), i.e. handles DNs and binary
* data if present.
*
* DN values are escaped as per RFC 2253
*
* @param array $result from ILDAPWrapper::getAttributes()
* @param string $attribute the attribute name that was read
* @return string[]
@ -1260,6 +1262,8 @@ class Access extends LDAPUtility {
/**
* Executes an LDAP search
*
* DN values in the result set are escaped as per RFC 2253
*
* @throws ServerNotAvailableException
*/
public function search(

3
apps/user_ldap/lib/Command/CheckUser.php
Unescape Escape View File

@ -144,7 +144,8 @@ class CheckUser extends Command {
$attrs = $access->userManager->getAttributes();
$user = $access->userManager->get($uid);
$avatarAttributes = $access->getConnection()->resolveRule('avatar');
$result = $access->search('objectclass=*', $user->getDN(), $attrs, 1, 0);
$baseDn = $this->helper->DNasBaseParameter($user->getDN());
$result = $access->search('objectclass=*', $baseDn, $attrs, 1, 0);
foreach ($result[0] as $attribute => $valueSet) {
$output->writeln(' ' . $attribute . ': ');
foreach ($valueSet as $value) {

15
apps/user_ldap/lib/Helper.php
Unescape Escape View File

@ -206,6 +206,21 @@ class Helper {
/**
* sanitizes a DN received from the LDAP server
*
* This is used and done to have a stable format of DNs that can be compared
* and identified again. The input DN value is modified as following:
*
* 1) whitespaces after commas are removed
* 2) the DN is turned to lower-case
* 3) the DN is escaped according to RFC 2253
*
* When a future DN is supposed to be used as a base parameter, it has to be
* run through DNasBaseParameter() first, to recode \5c into a backslash
* again, otherwise the search or read operation will fail with LDAP error
* 32, NO_SUCH_OBJECT. Regular usage in LDAP filters requires the backslash
* being escaped, however.
*
* Internally, DNs are stored in their sanitized form.
*
* @param array|string $dn the DN in question
* @return array|string the sanitized DN
*/

Write Preview
Loading…
Cancel
Save