From 4857c1fe8507ec694d445ebc3e8fceb233450093 Mon Sep 17 00:00:00 2001
From: hickert
Date: Fri, 27 Aug 2010 12:22:21 +0000
Subject: [PATCH] Updated generateLdif method -Fixed execution method to hide the password from the process list

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19468 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/include/class_SnapshotHandler.inc | 2 +-
 gosa-core/include/class_ldap.inc | 54 +++++++++++++++----
 .../generic/references/class_ldifViewer.inc | 2 +-
 3 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/gosa-core/include/class_SnapshotHandler.inc b/gosa-core/include/class_SnapshotHandler.inc
index bc912bdba..cc3ec2477 100644
--- a/gosa-core/include/class_SnapshotHandler.inc
+++ b/gosa-core/include/class_SnapshotHandler.inc
@@ -296,7 +296,7 @@ class SnapshotHandler {
 /* Create object */
 $data = $ldap->generateLdif(LDAP::fix($dn),
- "(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))",array(),'base');
+ "(&(!(objectClass=gosaDepartment))(!(objectClass=FAIclass)))",'base');
 $newName = str_replace(".", "", $sec."-".$usec);
 $target= array();
diff --git a/gosa-core/include/class_ldap.inc b/gosa-core/include/class_ldap.inc
index bac40e5e0..6f88efbcf 100644
--- a/gosa-core/include/class_ldap.inc
+++ b/gosa-core/include/class_ldap.inc
@@ -883,21 +883,57 @@ class LDAP{
 * @param $scope 'base', 'sub' .. see manpage for 'ldapmodify' for details.
 * @param $limit Limits the result.
 */
- function generateLdif ($dn, $filter= "(objectClass=*)", $attributes= array(), $scope = 'sub', $limit=0)
+ function generateLdif ($dn, $filter= "(objectClass=*)", $scope = 'sub', $limit=0)
 {
 $attrs = (count($attributes))?implode($attributes,' '):'';
- $scope = (!empty($scope))?' -s '.$scope: '';
+
+ // Ensure that limit is numeric if not skip here.
+ if(!empty($limit) && !is_numeric($limit)){
+ trigger_error(sprintf("Invalid parameter for limit '%s', a numeric value is required."), $limit);
+ return(NULL);
+ }
 $limit = (!$limit)?'':' -z '.$limit;
+
+ // Check scope values
+ $scope = trim($scope);
+ if(!empty($scope) && !in_array($scope, array('base', 'one', 'sub', 'children'))){
+ trigger_error(sprintf("Invalid parameter for scope '%s', please use 'base', 'one', 'sub' or 'children'."), $scope);
+ return(NULL);
+ }
+ $scope = (!empty($scope))?' -s '.$scope: '';
+
+ // Prepare paramters
 $dn = escapeshellarg($dn);
+ $pwd = $this->bindpw;
+ $host = escapeshellarg($this->hostname);
 $admin = escapeshellarg($this->binddn);
- $pwd = escapeshellarg($this->bindpw);
 $filter = escapeshellarg($filter);
- $host = escapeshellarg($this->hostname);
- $cmd = "ldapsearch -x -LLLL -D {$admin} -w {$pwd} {$filter} {$limit} {$scope} -H {$host} -b {$dn} $attrs ";
- ob_start();
- passthru($cmd);
- $res=ob_get_contents();
- ob_end_clean();
+ $cmd = "ldapsearch -x -LLLL -D {$admin} {$filter} {$limit} {$scope} -H {$host} -b {$dn} -W ";
+
+ // Create list of process pipes
+ $descriptorspec = array(
+ 0 => array("pipe", "r"), // stdin
+ 1 => array("pipe", "w"), // stdout
+ 2 => array("pipe", "w")); // stderr
+
+ // Try to open the process
+ $process = proc_open($cmd, $descriptorspec, $pipes);
+ if (is_resource($process)) {
+
+ // Write the password to stdin
+ fwrite($pipes[0], $pwd);
+ fclose($pipes[0]);
+
+ // Get results from stdout and stderr
+ $res = stream_get_contents($pipes[1]);
+ $err = stream_get_contents($pipes[2]);
+ fclose($pipes[1]);
+
+ // Close the process and check its return value
+ if(proc_close($process) != 0){
+ trigger_error($err);
+ }
+ }
 return($res);
 }
diff --git a/gosa-core/plugins/generic/references/class_ldifViewer.inc b/gosa-core/plugins/generic/references/class_ldifViewer.inc
index 24d6d6911..cbe34f9cd 100644
--- a/gosa-core/plugins/generic/references/class_ldifViewer.inc
+++ b/gosa-core/plugins/generic/references/class_ldifViewer.inc
@@ -13,7 +13,7 @@ class ldifViewer extends plugin
 $this->config = &$config;
 $this->dn = $dn;
 $ldap = $this->config->get_ldap_link();
- $this->ldif=$ldap->generateLdif(LDAP::fix($this->dn),'(objectClass=*)',array(),'base');
+ $this->ldif=$ldap->generateLdif(LDAP::fix($this->dn),'(objectClass=*)','base');
 }
 function execute()
-- 
2.30.2
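Review bot: In generateLdif (class_ldap.inc), both new `trigger_error(sprintf("…'%s'…"), $limit)` / `…, $scope)` calls close `sprintf` before its argument, so the `%s` has no value and the rejected input is handed to `trigger_error` as the error level; depending on the PHP version the rejection path may fail outright instead of logging and returning NULL. They should read `trigger_error(sprintf("Invalid parameter for limit '%s', a numeric value is required.", $limit));` and the same shape for the scope message. The unchanged line `$attrs = (count($attributes))?implode($attributes,' '):'';` still reads `$attributes` although the new signature has no such parameter and `$cmd` no longer uses `$attrs`, so it should be removed. `$limit` reaches the command line unescaped and is guarded only by `is_numeric`, which also accepts forms such as `1e3` or `1.5`; `' -z '.(int)$limit` would be a tighter guard. `$res` is also left undefined when `proc_open` fails and `$pipes[2]` is never closed before `proc_close`, so initialise `$res = '';` and add `fclose($pipes[2]);`.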