Fix some more ldap issues

Summary: - LDAP import needs to use envelopes. - Use ldap_sprintf(). Test Plan: Configured an LDAP server. Added an account. Imported it; logged in with it. Tried to login with accounts like ",", etc., got good errors. Reviewers: vrana, btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D2995
2025-02-22 11:39:03 +01:00 · 2012-07-17 14:05:26 -07:00 · 2012-07-17 14:05:26 -07:00 · 30deacdbaf
commit 30deacdbaf
parent a620a172a0
3 changed files with 48 additions and 37 deletions
--- a/src/applications/auth/controller/PhabricatorLDAPLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
@ -35,10 +35,12 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
    $current_user = $this->getRequest()->getUser();
    $request = $this->getRequest();

+    $ldap_username = $request->getCookie('phusr');
    if ($request->isFormPost()) {
+      $ldap_username = $request->getStr('username');
      try {
        $envelope = new PhutilOpaqueEnvelope($request->getStr('password'));
-        $this->provider->auth($request->getStr('username'), $envelope);
+        $this->provider->auth($ldap_username, $envelope);
      } catch (Exception $e) {
        $errors[] = $e->getMessage();
      }
@ -124,7 +126,6 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
      }
    }

-    $ldap_username = $request->getCookie('phusr');
    $ldap_form = new AphrontFormView();
    $ldap_form
      ->setUser($request->getUser())
--- a/src/applications/auth/ldap/PhabricatorLDAPProvider.php
+++ b/src/applications/auth/ldap/PhabricatorLDAPProvider.php
@ -117,8 +117,11 @@ final class PhabricatorLDAPProvider {
    if ($activeDirectoryDomain) {
      $dn = $username . '@' . $activeDirectoryDomain;
    } else {
-      $dn = $this->getSearchAttribute() . '=' . $username . ',' .
-            $this->getBaseDN();
+      $dn = ldap_sprintf(
+        '%Q=%s,%Q',
+        $this->getSearchAttribute(),
+        $username,
+        $this->getBaseDN());
    }

    $conn = $this->getConnection();
@ -139,15 +142,21 @@ final class PhabricatorLDAPProvider {
  }

  private function getUser($username) {
-    $result = ldap_search($this->getConnection(), $this->getBaseDN(),
-              $this->getSearchAttribute() . '=' . $username);
+    $conn = $this->getConnection();
+
+    $query = ldap_sprintf(
+      '%Q=%S',
+      $this->getSearchAttribute(),
+      $username);
+
+    $result = ldap_search($conn, $this->getBaseDN(), $query);

    if (!$result) {
      throw new Exception('Search failed. Please check your LDAP and HTTP '.
        'logs for more information.');
    }

-    $entries = ldap_get_entries($this->getConnection(), $result);
+    $entries = ldap_get_entries($conn, $result);

    if ($entries === false) {
      throw new Exception('Could not get entries');
--- a/src/applications/people/controller/PhabricatorPeopleLdapController.php
+++ b/src/applications/people/controller/PhabricatorPeopleLdapController.php
@ -54,7 +54,7 @@ final class PhabricatorPeopleLdapController
        ->setValue('Search'));

    $panel = new AphrontPanelView();
-    $panel->setHeader('Import Ldap Users');
+    $panel->setHeader('Import LDAP Users');
    $panel->appendChild($form);


@ -126,7 +126,8 @@ final class PhabricatorPeopleLdapController

    try {
      $ldap_provider = new PhabricatorLDAPProvider();
-      $ldap_provider->auth($username, $password);
+      $envelope = new PhutilOpaqueEnvelope($password);
+      $ldap_provider->auth($username, $envelope);
      $results = $ldap_provider->search($search);
      foreach ($results as $key => $result) {
        $results[$key][] = $this->renderUserInputs($result);
@ -141,7 +142,7 @@ final class PhabricatorPeopleLdapController
          'Username',
          'Email',
          'RealName',
-          '',
+          'Import?',
        ));
      $form->appendChild($table);
      $form->setAction($request->getRequestURI()
@ -163,35 +164,35 @@ final class PhabricatorPeopleLdapController
  }

  private function renderUserInputs($user) {
-        $username = $user[0];
-        $inputs =  phutil_render_tag(
-          'input',
-          array(
-            'type' => 'checkbox',
-            'name' => 'usernames[]',
-            'value' =>$username,
-          ),
-          '');
+    $username = $user[0];
+    $inputs =  phutil_render_tag(
+      'input',
+      array(
+        'type' => 'checkbox',
+        'name' => 'usernames[]',
+        'value' =>$username,
+      ),
+      '');

-	$inputs .=  phutil_render_tag(
-          'input',
-          array(
-            'type' => 'hidden',
-            'name' => "email[$username]",
-            'value' =>$user[1],
-          ),
-          '');
+    $inputs .=  phutil_render_tag(
+      'input',
+      array(
+        'type' => 'hidden',
+        'name' => "email[$username]",
+        'value' =>$user[1],
+      ),
+      '');

-	$inputs .=  phutil_render_tag(
-          'input',
-          array(
-            'type' => 'hidden',
-            'name' => "name[$username]",
-            'value' =>$user[2],
-          ),
-          '');
-
-        return $inputs;
+    $inputs .=  phutil_render_tag(
+      'input',
+      array(
+        'type' => 'hidden',
+        'name' => "name[$username]",
+        'value' =>$user[2],
+      ),
+      '');

+    return $inputs;
  }
+
 }