Merge pull request #10340 from owncloud/fix-9887

better check whether string resembles a DN, fixes #9887
blizzz 2014-08-18 19:24:41 +02:00
commit 8f7676c762
6 changed files with 124 additions and 2 deletions


@ -140,6 +140,18 @@ class Access extends LDAPUtility implements user\IUserTools {
return in_array($attr, $resemblingAttributes);
}
/**
* checks whether the given string is probably a DN
* @param string $string
* @return boolean
*/
public function stringResemblesDN($string) {
$r = $this->ldap->explodeDN($string, 0);
// if exploding a DN succeeds and does not end up in
// an empty array except for $r[count] being 0.
return (is_array($r) && count($r) > 1);
}
/**
* sanitizes a DN received from the LDAP server
* @param array $dn the DN in question
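Review bot: The docblock of stringResemblesDN() should state that this is a syntactic test only: it returns true for any string explodeDN() can split, and says nothing about whether an entry with that DN exists, so callers that take the value from outside still need their own lookup. The inline comment above the return is an unfinished sentence; `// a parsed DN carries 'count' plus at least one RDN; false or a lone 'count' => 0 is not a DN` would state the rule. Writing the check as `return is_array($r) && isset($r['count']) && $r['count'] > 0;` would express the intent directly, assuming explodeDN() always sets `count` as the test fixture on this page suggests. The enclosing class starts and continues outside the hunk.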


@ -33,6 +33,8 @@ interface IUserTools {
public function readAttribute($dn, $attr, $filter = 'objectClass=*');
public function stringResemblesDN($string);
public function dn2username($dn, $ldapname = null);
public function username2dn($name);


@ -143,8 +143,7 @@ class Manager {
return $this->users['byUid'][$id];
}
if(strpos(mb_strtolower($id, 'UTF-8'), 'dc=') === false
&& strpos(mb_strtolower($id, 'UTF-8'), 'uid=') === false ) {
if(!$this->access->stringResemblesDN($id) ) {
//most likely a uid
$dn = $this->access->username2dn($id);
if($dn !== false) {
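Review bot: The new condition `if(!$this->access->stringResemblesDN($id) )` routes every identifier that parses as a DN into the DN branch, which is wider than the removed `dc=`/`uid=` substring test, so a user id that happens to have `attr=value` form would no longer be tried through username2dn(). Whether the DN branch falls back to a uid lookup when the DN does not resolve cannot be seen here, because get() starts and ends outside the hunk; if it does not, that fallback is worth adding. If `$id` can originate from a request, a comment such as `// syntactic check only; a DN is accepted only when dn2username() maps it to a known user` would record where the real validation is expected to happen.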


@ -156,4 +156,61 @@ class Test_Access extends \PHPUnit_Framework_TestCase {
$this->assertSame($expected, $access->getDomainDNFromDN($inputDN));
}
private function getResemblesDNInputData() {
return $cases = array(
array(
'input' => 'foo=bar,bar=foo,dc=foobar',
'interResult' => array(
'count' => 3,
0 => 'foo=bar',
1 => 'bar=foo',
2 => 'dc=foobar'
),
'expectedResult' => true
),
array(
'input' => 'foobarbarfoodcfoobar',
'interResult' => false,
'expectedResult' => false
)
);
}
public function testStringResemblesDN() {
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
$access = new Access($con, $lw, $um);
$cases = $this->getResemblesDNInputData();
$lw->expects($this->exactly(2))
->method('explodeDN')
->will($this->returnCallback(function ($dn) use ($cases) {
foreach($cases as $case) {
if($dn === $case['input']) {
return $case['interResult'];
}
}
}));
foreach($cases as $case) {
$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
}
}
public function testStringResemblesDNLDAPmod() {
list($lw, $con, $um) = $this->getConnecterAndLdapMock();
$lw = new \OCA\user_ldap\lib\LDAP();
$access = new Access($con, $lw, $um);
if(!function_exists('ldap_explode_dn')) {
$this->markTestSkipped('LDAP Module not available');
}
$cases = $this->getResemblesDNInputData();
foreach($cases as $case) {
$this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
}
}
}
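Review bot: getResemblesDNInputData() does not cover the boundary that the implementation comment singles out, an explodeDN() result holding only `'count' => 0`, nor a single-RDN DN; both decide which side of `count($r) > 1` a value lands on and deserve a case each, at least in the mocked test. When cases are added, `$lw->expects($this->exactly(2))` should become `$lw->expects($this->exactly(count($cases)))` so the expectation follows the data. In testStringResemblesDNLDAPmod() the `function_exists('ldap_explode_dn')` guard should run before `new \OCA\user_ldap\lib\LDAP()` and `new Access(...)`, so the test is skipped before anything touches the missing module. `return $cases = array(` assigns a variable that is never read; `return array(` is enough.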


@ -44,6 +44,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
$inputDN = 'cn=foo,dc=foobar,dc=bar';
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
$access->expects($this->once())
->method('stringResemblesDN')
->with($this->equalTo($inputDN))
->will($this->returnValue(true));
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
@ -66,6 +71,38 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
$inputDN = 'uid=foo,o=foobar,c=bar';
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
$access->expects($this->once())
->method('stringResemblesDN')
->with($this->equalTo($inputDN))
->will($this->returnValue(true));
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
->will($this->returnValue($uid));
$access->expects($this->never())
->method('username2dn');
$manager = new Manager($config, $filesys, $log, $avaMgr, $image);
$manager->setLdapAccess($access);
$user = $manager->get($inputDN);
$this->assertInstanceOf('\OCA\user_ldap\lib\user\User', $user);
}
public function testGetByExoticDN() {
list($access, $config, $filesys, $image, $log, $avaMgr) =
$this->getTestInstances();
$inputDN = 'ab=cde,f=ghei,mno=pq';
$uid = '563418fc-423b-1033-8d1c-ad5f418ee02e';
$access->expects($this->once())
->method('stringResemblesDN')
->with($this->equalTo($inputDN))
->will($this->returnValue(true));
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
@ -87,6 +124,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
$inputDN = 'cn=gone,dc=foobar,dc=bar';
$access->expects($this->once())
->method('stringResemblesDN')
->with($this->equalTo($inputDN))
->will($this->returnValue(true));
$access->expects($this->once())
->method('dn2username')
->with($this->equalTo($inputDN))
@ -119,6 +161,11 @@ class Test_User_Manager extends \PHPUnit_Framework_TestCase {
->with($this->equalTo($uid))
->will($this->returnValue($dn));
$access->expects($this->once())
->method('stringResemblesDN')
->with($this->equalTo($uid))
->will($this->returnValue(false));
$manager = new Manager($config, $filesys, $log, $avaMgr, $image);
$manager->setLdapAccess($access);
$user = $manager->get($uid);
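Review bot: testGetByExoticDN() stubs stringResemblesDN() to return true for `'ab=cde,f=ghei,mno=pq'`, so it only shows that Manager::get() follows the DN branch once the check says yes, not that such a DN is actually recognised. That string does not appear in the Access test data visible on this page, so the case this commit appears to target has no test against the real check; adding it to getResemblesDNInputData() with a matching `interResult` would close the gap. The same stub is repeated in the other hunks of this file, where a one-line comment such as `// DN recognition itself is tested in Test_Access` would tell the reader why it is mocked. The test bodies start or end outside the hunks shown.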


@ -130,6 +130,11 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
->with($this->equalTo('dnOfRoland,dc=test'))
->will($this->returnValue('gunslinger'));
$access->expects($this->any())
->method('stringResemblesDN')
->with($this->equalTo('dnOfRoland,dc=test'))
->will($this->returnValue(true));
$access->expects($this->any())
->method('areCredentialsValid')
->will($this->returnCallback(function($dn, $pwd) {