[Pkg-owncloud-commits] [owncloud] 28/73: LDAP: check for existing username from other backends when creating one for an LDAP user or group. Fixes oc-1551 in stable4. Also optimizes groupExists() function as side effect.
David Prévot
taffit at alioth.debian.org
Fri Nov 8 23:09:03 UTC 2013
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.
commit b11203537e1030639f6edf231f01b801b363599d
Author: Arthur Schiwon <blizzz at owncloud.com>
Date: Wed Aug 29 18:07:32 2012 +0200
LDAP: check for existing username from other backends when creating one for an LDAP user or group. Fixes oc-1551 in stable4. Also optimizes groupExists() function as side effect.
---
apps/user_ldap/group_ldap.php | 14 +++++++++++++-
apps/user_ldap/lib_ldap.php | 41 ++++++++++++++++++-----------------------
2 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index a3117b5..f97955b 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -201,6 +201,18 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
* @return bool
*/
public function groupExists($gid){
- return in_array($gid, $this->getGroups());
+ //getting dn, if false the group does not exist. If dn, it may be mapped only, requires more checking.
+ $dn = OC_LDAP::groupname2dn($gid);
+ if(!$dn) {
+ return false;
+ }
+
+ //if user really still exists, we will be able to read his cn
+ $exists = OC_LDAP::readAttribute($dn, 'objectclass');
+ if(!$exists || empty($exists)) {
+ return false;
+ }
+
+ return true;
}
}
\ No newline at end of file
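Review bot: The comment above the second check in groupExists() speaks of a user and "his cn", but the code reads `objectclass` for a group DN; it should say something like `//if the group still exists on the server, its objectclass can be read`. The condition `!$exists || empty($exists)` is redundant, because `empty()` already covers every falsy value, so `if(empty($exists))` is enough. If readAttribute() also returns false when the directory cannot be reached (its body is not visible here), an outage would be reported as "group does not exist". The lib_ldap.php hunks of this commit use groupExists() as a name-collision guard, so that case should be stated in the docblock, which begins above this hunk.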
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 731283c..7f7d403 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -132,20 +132,7 @@ class OC_LDAP {
$dn = self::ocname2dn($name, true);
if($dn) {
return $dn;
- } else {
- //fallback: user is not mapped
- self::init();
- $filter = self::combineFilterWithAnd(array(
- self::$ldapUserFilter,
- self::$ldapUserDisplayName . '=' . $name,
- ));
- $result = self::searchUsers($filter, 'dn');
- if(isset($result[0]['dn'])) {
- self::mapUser($result[0], $name);
- return $result[0];
- }
}
-
return false;
}
@@ -224,14 +211,18 @@ class OC_LDAP {
$ldapname = self::sanitizeUsername($ldapname);
//a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
- if(self::mapComponent($dn, $ldapname, $isUser)) {
- return $ldapname;
+ if(($isUser && !\OCP\User::userExists($ldapname)) || (!$isUser && !\OC_Group::groupExists($ldapname))) {
+ if(self::mapComponent($dn, $ldapname, $isUser)) {
+ return $ldapname;
+ }
}
//doh! There is a conflict. We need to distinguish between users/groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this object is located.
$oc_name = self::alternateOwnCloudName($ldapname, $dn);
- if(self::mapComponent($dn, $oc_name, $isUser)) {
- return $oc_name;
+ if(($isUser && !\OCP\User::userExists($oc_name)) || (!$isUser && !\OC_Group::groupExists($oc_name))) {
+ if(self::mapComponent($dn, $oc_name, $isUser)) {
+ return $oc_name;
+ }
}
//if everything else did not help..
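Review bot: The guard `($isUser && !\OCP\User::userExists(...)) || (!$isUser && !\OC_Group::groupExists(...))` is written out twice here and twice more in the list-mapping hunk below, four copies of the check that keeps an LDAP entry from taking the name of an account in another backend. One private helper would stop the copies drifting apart, for example `private static function nameIsTaken($name, $isUser) { return $isUser ? \OCP\User::userExists($name) : \OC_Group::groupExists($name); }`, called as `if(!self::nameIsTaken($ldapname, $isUser) && self::mapComponent($dn, $ldapname, $isUser))`. The existence check and mapComponent() are separate steps, so a name created in another backend between the two would presumably still be mapped; a short comment saying the check is best-effort would make that explicit. The enclosing function starts and ends outside the hunk.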
@@ -287,16 +278,20 @@ class OC_LDAP {
//a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
$ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
- if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
- $ownCloudNames[] = $ocname;
- continue;
+ if(($isUsers && !\OCP\User::userExists($ocname)) || (!$isUsers && !\OC_Group::groupExists($ocname))) {
+ if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+ $ownCloudNames[] = $ocname;
+ continue;
+ }
}
//doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
$ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']);
- if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
- $ownCloudNames[] = $ocname;
- continue;
+ if(($isUsers && !\OCP\User::userExists($ocname)) || (!$isUsers && !\OC_Group::groupExists($ocname))) {
+ if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+ $ownCloudNames[] = $ocname;
+ continue;
+ }
}
//if everything else did not help..
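Review bot: The two comments in this hunk ("a new group!" and "distinguish between groups") describe only groups, while the code now branches on `$isUsers` and calls `\OCP\User::userExists()` for users as well. They should read "a new user/group!" and "distinguish between users/groups", as the matching comments in the previous hunk already do. The surrounding loop starts and ends outside the hunk.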
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git