* AD/LDAP Import: import could potentially deactivate or delete users if the connection to the LDAP server failed

This commit is contained in:
ralf 2024-04-25 10:39:50 +02:00
parent 01b201a042
commit 12b779a662
3 changed files with 20 additions and 9 deletions


@ -611,6 +611,7 @@ class Ads
* *
* @param array $group with values for keys account_id and account_dn * @param array $group with values for keys account_id and account_dn
* @return array * @return array
* @throws \Exception on error
*/ */
public function getMembers(array $group) public function getMembers(array $group)
{ {
@ -1263,6 +1264,7 @@ class Ads
* @param int $num_rows number of rows to return if isset($start) * @param int $num_rows number of rows to return if isset($start)
* @param ?int $total on return total number of rows * @param ?int $total on return total number of rows
* @return array account_id => account_lid or values for $attrs pairs * @return array account_id => account_lid or values for $attrs pairs
* @throws \Exception on error
*/ */
protected function filter($attr_filter, $account_type=null, array $attrs=null, array $accounts=array(), $filter_expired=false, $order_by=null, &$start=null, $num_rows=null, &$total=null) protected function filter($attr_filter, $account_type=null, array $attrs=null, array $accounts=array(), $filter_expired=false, $order_by=null, &$start=null, $num_rows=null, &$total=null)
{ {
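Review bot: The `filter` signature on the context line still uses the implicit-nullable `array $attrs=null`, while this same commit changes the identical pattern in `Ldap::_searchLDAP` to `?array $_skipPlugins=null`; `array $attrs=null` → `?array $attrs=null` would keep the two files consistent, since implicit nullability through a null default is deprecated as of PHP 8.4. The `@throws \Exception on error` tags are the only change in this section, and the bodies of getMembers and filter that would show what actually throws are outside both hunks, so the tags can only be checked against those bodies.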


@ -81,7 +81,8 @@ trait LdapVlvSortRequestTrait
* @param ?int& $start on return null, if result sorted and limited by server * @param ?int& $start on return null, if result sorted and limited by server
* @param int $num_rows number of rows to return if isset($start) * @param int $num_rows number of rows to return if isset($start)
* @param ?int $total on return total number of rows * @param ?int $total on return total number of rows
* @return array|false result of ldap_get_entries with key 'count' unset * @return array result of ldap_get_entries with key 'count' unset
* @throws \Exception on error with ldap_error() as message
*/ */
protected function vlvSortQuery(string $context, string $filter, array $attrs, string $order_by=null, int &$start=null, int$num_rows=null, int &$total=null) protected function vlvSortQuery(string $context, string $filter, array $attrs, string $order_by=null, int &$start=null, int$num_rows=null, int &$total=null)
{ {
@ -123,14 +124,14 @@ trait LdapVlvSortRequestTrait
$attrs, null, null, null, null, $control); $attrs, null, null, null, null, $control);
} }
if ($sri && ($allValues = ldap_get_entries($ds, $sri))) if ($sri && ($allValues = ldap_get_entries($ds, $sri)) !== false)
{ {
// check if given controls succeeded // check if given controls succeeded
if ($control && ldap_parse_result($ds, $sri, $errcode, $matcheddn, $errmsg, $referrals, $serverctrls) && if ($control && ldap_parse_result($ds, $sri, $errcode, $matcheddn, $errmsg, $referrals, $serverctrls) &&
(isset($serverctrls[LDAP_CONTROL_VLVRESPONSE]['value']['count']))) (isset($serverctrls[LDAP_CONTROL_VLVRESPONSE]['value']['count'])))
{ {
$total = $serverctrls[LDAP_CONTROL_VLVRESPONSE]['value']['count']; $total = $serverctrls[LDAP_CONTROL_VLVRESPONSE]['value']['count'];
$start = null; // so caller does NOT run it's own limit $start = null; // so caller does NOT run its own limit
} }
else else
{ {
@ -138,9 +139,13 @@ trait LdapVlvSortRequestTrait
} }
unset($allValues['count']); unset($allValues['count']);
} }
else error_log(__METHOD__."() ldap_search(\$ds, '$context', '$filter') returned ".array2string($sri)." allValues=".array2string($allValues)); else
{
error_log(__METHOD__."() ldap_search(\$ds, '$context', '$filter') returned ".array2string($sri)." allValues=".array2string($allValues));
throw new \Exception(ldap_error($ds) ?: 'Unable to retrieve LDAP result', ldap_errno($ds));
}
//error_log(date('Y-m-d H:i:s ').__METHOD__."('$context', '$filter', ".json_encode($attrs).", order_by=$order_by, start=$start, num_rows=$num_rows) ldap_search($ds, '$context', '$filter')\n==> returning ".count($allValues)."/$total ".substr(array2string($allValues), 0, 1024)."\n--> ".function_backtrace()."\n\n", 3, '/var/lib/egroupware/ads.log'); //error_log(date('Y-m-d H:i:s ').__METHOD__."('$context', '$filter', ".json_encode($attrs).", order_by=$order_by, start=$start, num_rows=$num_rows) ldap_search($ds, '$context', '$filter')\n==> returning ".count($allValues)."/$total ".substr(array2string($allValues), 0, 1024)."\n--> ".function_backtrace()."\n\n", 3, '/var/lib/egroupware/ads.log');
return $allValues ?? false; return $allValues;
} }
} }
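Review bot: The `?:` fallback in the new throw of the `else` branch, `throw new \Exception(ldap_error($ds) ?: 'Unable to retrieve LDAP result', ldap_errno($ds));`, never fires in practice, because `ldap_error()` returns the string `Success` rather than an empty string when `ldap_errno()` is 0, so a failure that left no LDAP error set would surface as an exception reading `Success` with code 0. Keying the fallback on the errno instead, `throw new \Exception(ldap_errno($ds) ? ldap_error($ds) : 'Unable to retrieve LDAP result', ldap_errno($ds));`, keeps the message meaningful in that case. The same construction appears in the new throw added to `_searchLDAP` in class Ldap and should be changed there too. The body of vlvSortQuery is only partly visible across these hunks.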


@ -1210,13 +1210,14 @@ class Ldap
* @param string $_filter * @param string $_filter
* @param array $_attributes * @param array $_attributes
* @param int $_addressbooktype * @param int $_addressbooktype
* @param array $_skipPlugins =null schema-plugins to skip * @param ?array $_skipPlugins =null schema-plugins to skip
* @param string $order_by sql order string eg. "contact_email ASC" * @param string $order_by sql order string eg. "contact_email ASC"
* @param null|int|array $start [$start, $num_rows], on return null, if result sorted and limited by server * @param null|int|array $start [$start, $num_rows], on return null, if result sorted and limited by server
* @param bool $read_photo true: return the binary content of the image, false: return true or false if there is an image or not * @param bool $read_photo true: return the binary content of the image, false: return true or false if there is an image or not
* @return array/boolean with eGW contacts or false on error * @return array with contacts
* @throws \Exception on error with LDAP error message
*/ */
function _searchLDAP($_ldapContext, $_filter, $_attributes, $_addressbooktype, array $_skipPlugins=null, $order_by=null, &$start=null, bool $read_photo=false) function _searchLDAP($_ldapContext, $_filter, $_attributes, $_addressbooktype, ?array $_skipPlugins=null, $order_by=null, &$start=null, bool $read_photo=false)
{ {
$_attributes[] = 'entryUUID'; $_attributes[] = 'entryUUID';
$_attributes[] = 'objectClass'; $_attributes[] = 'objectClass';
@ -1280,7 +1281,10 @@ class Ldap
{ {
$result = ldap_list($this->ds, $_ldapContext, $_filter, $_attributes, null, null, null, null, $control); $result = ldap_list($this->ds, $_ldapContext, $_filter, $_attributes, null, null, null, null, $control);
} }
if(!$result || !$entries = ldap_get_entries($this->ds, $result)) return array(); if(!$result || ($entries = ldap_get_entries($this->ds, $result)) === false)
{
throw new \Exception(ldap_error($this->ds) ?: 'Unable to retrieve LDAP result', ldap_errno($this->ds));
}
$this->total += $entries['count']; $this->total += $entries['count'];
//error_log(__METHOD__."('$_ldapContext', '$_filter', ".array2string($_attributes).", $_addressbooktype) result of $entries[count]"); //error_log(__METHOD__."('$_ldapContext', '$_filter', ".array2string($_attributes).", $_addressbooktype) result of $entries[count]");
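Review bot: Callers of `_searchLDAP` that relied on the old `return array();` to mean "no contacts" now receive an exception for the `!$result` case; with the `@throws` added to the docblock this is the intended contract, but any call site outside this hunk that does not catch it will turn a transient LDAP failure into an uncaught exception, which is worth confirming against the callers (not visible here). A narrower type than `\Exception`, such as `\RuntimeException` or a project-specific exception if one exists, would let those callers distinguish an LDAP transport failure from other errors without catching every `\Exception`. The body of `_searchLDAP` continues past the end of the hunk.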