From 741a21292ed73a9b3b9e11633afb00e1725dcf74 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 29 Aug 2012 19:11:32 +0200 Subject: [PATCH] LDAP: fix potential infinite loop introduced with 4c4aa92eef858a2a96bb5676304acbcaafaa56f2, as side effect optimize groupExists-method. --- apps/user_ldap/group_ldap.php | 21 ++++++++++++++++++++- apps/user_ldap/lib/access.php | 14 -------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php index b29ebe30c51..aac3ed78917 100644 --- a/apps/user_ldap/group_ldap.php +++ b/apps/user_ldap/group_ldap.php @@ -232,7 +232,26 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface { * @return bool */ public function groupExists($gid){ - return in_array($gid, $this->getGroups()); + if($this->connection->isCached('groupExists'.$gid)) { + return $this->connection->getFromCache('groupExists'.$gid); + } + + //getting dn, if false the group does not exist. If dn, it may be mapped only, requires more checking. + $dn = $this->username2dn($gid); + if(!$dn) { + $this->connection->writeToCache('groupExists'.$gid, false); + return false; + } + + //if group really still exists, we will be able to read its objectclass + $objcs = $this->readAttribute($dn, 'objectclass'); + if(!$objcs || empty($objcs)) { + $this->connection->writeToCache('groupExists'.$gid, false); + return false; + } + + $this->connection->writeToCache('groupExists'.$gid, true); + return true; } /** diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index 9abbd91c179..089548a69ba 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -137,20 +137,6 @@ abstract class Access { $dn = $this->ocname2dn($name, true); if($dn) { return $dn; - } else { - //fallback: user is not mapped - $filter = $this->combineFilterWithAnd(array( - $this->connection->ldapUserFilter, - $this->connection->ldapUserDisplayName . '=' . $name, - )); - $result = $this->searchUsers($filter, 'dn'); - if(isset($result[0]['dn'])) { - //try mapping, if names equalize return DN - $uid = $this->dn2username($result[0]['dn']); - if($uid == $name) { - return $result[0]['dn']; - } - } } return false;