From f47f4fc2a3a22ad866c007e9eebc9ed42d6effa6 Mon Sep 17 00:00:00 2001
From: hickert
Date: Tue, 21 Sep 2010 06:34:58 +0000
Subject: [PATCH] Updated special-char handling in class ldap.

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19773 594d385d-05f5-0310-b6e9-bd551577e9d8
---
gosa-core/include/class_ldap.inc | 89 ++++++++++++++++++++------------
gosa-core/include/functions.inc | 11 ++--
2 files changed, 65 insertions(+), 35 deletions(-)
diff --git a/gosa-core/include/class_ldap.inc b/gosa-core/include/class_ldap.inc
index 9cdd38ec6..f2d786729 100644
--- a/gosa-core/include/class_ldap.inc
+++ b/gosa-core/include/class_ldap.inc
@@ -31,6 +31,8 @@ define("SPECIALS_OVERRIDE", TRUE); class LDAP { public static $characterMap = NULL; + public static $characterMapRegFrom = NULL; + public static $characterMapRegTo = NULL; var $hascon =false; var $reconnect=false; 
@@ -53,26 +55,21 @@ class LDAP function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE) { - global $config; - $this->follow_referral= $follow_referral; - $this->tls=$tls; - $this->binddn=LDAP::convert($binddn); - - $this->bindpw=$bindpw; - $this->hostname=$hostname; - - /* Check if MAX_LDAP_QUERY_TIME is defined */ - if(is_object($config) && $config->get_cfg_value("core","ldapMaxQueryTime") != ""){ - $str = $config->get_cfg_value("core","ldapMaxQueryTime"); - $this->max_ldap_query_time = (float)($str); - } - - $this->connect(); + global $config; + $this->follow_referral= $follow_referral; + $this->tls=$tls; + $this->binddn=LDAP::convert($binddn); + + $this->bindpw=$bindpw; + $this->hostname=$hostname; + + /* Check if MAX_LDAP_QUERY_TIME is defined */ + if(is_object($config) && $config->get_cfg_value("core","ldapMaxQueryTime") != ""){ + $str = $config->get_cfg_value("core","ldapMaxQueryTime"); + $this->max_ldap_query_time = (float)($str); + } - // Get detected character mapping - if(LDAP::$characterMap == NULL || TRUE){ - LDAP::$characterMap = detectLdapSpecialCharHandling(); - } + $this->connect(); } 
@@ -109,24 +106,52 @@ class LDAP } - /* Function to fix all problematic characters inside a DN by replacing \001XX - codes to their original values. See "convert" for mor information. - ',' characters are always expanded to \, (not \2C), since all tested LDAP - servers seem to take it the correct way. */ + /* \brief Tests for the special-char handling of the currently used ldap database + * and updates the LDAP class correspondingly. + * This affects the LDAP::fix function and allows us to write + * dns containing , " ( ) + */ + static function updateSpecialCharHandling() + { + // Set a default character handling. + LDAP::$characterMapRegFrom = array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/", "/\001DQ/"); + LDAP::$characterMapRegTo = array("\,", "(", ")", "/", '\"'); + + if(LDAP::$characterMap == NULL){ + LDAP::$characterMap = detectLdapSpecialCharHandling(); + + // Check if character-detection was successfull, if it wasn't use a fallback. + if(LDAP::$characterMap){ + foreach(LDAP::$characterMap as $from => $to){ + LDAP::$characterMapRegFrom[] = "/{$from}/"; + LDAP::$characterMapRegTo[] = "/{$to}/"; + } + } + } + } + + + /* \brief Function to fix all problematic characters inside a DN by replacing \001XX + * codes to their original values. See "convert" for more information. + * The ',' characters are always expanded to \, (not \2C), since all tested LDAP + * servers seem to take it the correct way. + * @param String The DN to convert characters in. + * @param String The converted dn. + */ static function fix($dn) { - if (SPECIALS_OVERRIDE == TRUE){ - - print_a(LDAP::$characterMap); + if (SPECIALS_OVERRIDE == TRUE){ + + // Update the conversion instruction set. 
+ if(LDAP::$characterMap == NULL) LDAP::updateSpecialCharHandling(); - return (preg_replace(array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/", "/\001DQ/"), - array("\,", "(", ")", "/", '\"'), - $dn)); - } else { - return ($dn); - } + return (preg_replace(LDAP::$characterMapRegFrom,LDAP::$characterMapRegTo,$dn)); + } else { + return ($dn); + } } /* Function to fix problematic characters in DN's that are used for search requests. I.e. member=.... */ static function prepare4filter($dn)
diff --git a/gosa-core/include/functions.inc b/gosa-core/include/functions.inc
index f039e56ad..1046a621c 100644
--- a/gosa-core/include/functions.inc
+++ b/gosa-core/include/functions.inc
@@ -3794,7 +3794,12 @@ function detectLdapSpecialCharHandling() // has the be un-escaped. $name = 'GOsaLdapEncoding_,_"_(_)'; $dnName = 'GOsaLdapEncoding_\,_\"_(_)'; - + + // Prapare name to be useable in filters + $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', $name)); + $filterName = str_replace('\\,', '\\\\,', $fixed); + + // Create the target dn $oDN = "o={$dnName},".$config->current['BASE'];
@@ -3804,7 +3809,7 @@ function detectLdapSpecialCharHandling() ldap_set_option($ldapCID, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_bind($ldapCID, $config->current['ADMINDN'],$config->current['ADMINPASSWORD']); $res = ldap_list($ldapCID, $config->current['BASE'], - "(&(o=".LDAP::prepare4filter($name).")(objectClass=organization))", + "(&(o=".$filterName.")(objectClass=organization))", array('dn')); // If we haven't created the character-detection object, then create it now.
@@ -3819,7 +3824,7 @@ function detectLdapSpecialCharHandling() // Read the character-handling detection entry from the ldap. $res = ldap_list($ldapCID, $config->current['BASE'], - "(&(o=".LDAP::prepare4filter($name).")(objectClass=organization))", + "(&(o=".$filterName.")(objectClass=organization))", array('dn','o')); $cnt = ldap_count_entries($ldapCID, $res); if($cnt != 1){
--
2.30.2
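Review bot: In `updateSpecialCharHandling()` (class_ldap.inc) each detected replacement is stored as `"/{$to}/"`, but the second argument of `preg_replace()` is a plain replacement string, not a pattern, so every detected mapping would write the two slashes into the DN. `$from` is also placed in the pattern without `preg_quote()`, which matters if the map returned by `detectLdapSpecialCharHandling()` holds characters such as `(`, `)` or `\`; its contents are not visible in this patch. I would write `LDAP::$characterMapRegFrom[] = '/'.preg_quote($from, '/').'/';` and `LDAP::$characterMapRegTo[] = $to;`. Separately, `fix()` guards on `LDAP::$characterMap == NULL`, which stays true whenever detection yields a falsy result, so each call to `fix()` would repeat the detection, which involves an admin bind and a directory lookup judging by the functions.inc hunks. Guarding on `LDAP::$characterMapRegFrom === NULL` instead would run it once per request.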
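Review bot: The `$filterName` lines added to `detectLdapSpecialCharHandling()` (functions.inc) repeat by hand the escaping that `LDAP::prepare4filter()` supplied at the two `ldap_list()` calls changed in the following hunks, and the comment does not say why the helper was dropped. If the reason is that `prepare4filter()` runs through `LDAP::fix()`, which after this commit can start this very detection, the comment should say so, for example `// Build the filter value by hand; LDAP::prepare4filter() goes through LDAP::fix() and would re-enter this detection.` The body of `prepare4filter()` is not part of the patch, so confirm that first. Since `$name` is a literal without a backslash, the first `str_replace()` cannot match anything, and the `(` and `)` it contains reach the filter escaped only if `normalizeLdap()` does that, which is worth stating in the same comment. The function continues outside these hunks.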