Skip to content

[Ldap] Incorrect determination of RelativeDistinguishedName for the "move" operation #39518

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 17, 2020
Merged

[Ldap] Incorrect determination of RelativeDistinguishedName for the "move" operation #39518

merged 1 commit into from
Dec 17, 2020

Conversation

astepin
Copy link
Contributor

@astepin astepin commented Dec 15, 2020
edited
Loading

Q A
Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

If the specified "DistinguishedName" contains a comma in the first value, the first "RelativeDistinguishedName" was determined incorrectly.
The regular expression now matches up to the first comma which was not escaped with backslash.

Testing private methods is a bit messy here. However, I thought it was better than testing this against an LDAP server.

Source: https://tools.ietf.org/html/rfc4514#section-3

@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 5.x branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

OskarStark
OskarStark requested changes Dec 16, 2020
View reviewed changes
Copy link
Contributor

@OskarStark OskarStark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First of all, thanks for your contribution 👍 Well done for your first time here 🎉

As this is a bugfix it should target the lowest maintained branch which contains this bug, so 4.4?

@astepin astepin changed the base branch from 5.x to 4.4 December 16, 2020 10:06
nicolas-grekas
nicolas-grekas reviewed Dec 17, 2020
View reviewed changes
src/Symfony/Component/Ldap/Tests/Adapter/ExtLdap/EntryManagerTest.php
{
return [
['CN=Simple,DC=example,DC=net', 'CN=Simple'],
['CN=James \"Jim\" Smith\, III,DC=example,DC=net', 'CN=James \"Jim\" Smith\, III'],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry if it's a dumb question: should the expected value be 'CN=James "Jim" Smith, III'?

Copy link
Contributor Author

@astepin astepin Dec 17, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Certain characters in the canonical name must be escaped for them to work with LDAP server.

So to continue working with the LDAP server we need the backslash in front of the quotes. => CN=James \"Jim\" Smith\, III

nicolas-grekas
nicolas-grekas reviewed Dec 17, 2020
View reviewed changes
src/Symfony/Component/Ldap/Adapter/ExtLdap/EntryManager.php
@@ -159,7 +159,7 @@ public function applyOperations(string $dn, iterable $operations): void

private function parseRdnFromEntry(Entry $entry): string
{
if (!preg_match('/^([^,]+),/', $entry->getDn(), $matches)) {
if (!preg_match('/(^[^,\\\\]*(?:\\\\.[^,\\\\]*)*),/', $entry->getDn(), $matches)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the regexp won't work when several \ are used, eg with \\\\ or \\\\\,,isn't it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The number of \ shouldn't matter. Compared to the old code, basically the same is done, except that now the comma is not matched if it is escaped with a \.

It's a bit tricky with the "not matching regex groups" (starting with ?: ). It is quite hard to read and understand.

@jderusse
Copy link
Member

Thank you @astepin.

@jderusse jderusse merged commit a316a31 into symfony:4.4 Dec 17, 2020
@astepin astepin deleted the issue_ldap_rdn branch December 17, 2020 11:41
This was referenced Dec 18, 2020
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OskarStark OskarStark OskarStark requested changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@jderusse jderusse jderusse approved these changes

@chalasr chalasr Awaiting requested review from chalasr

@dunglas dunglas Awaiting requested review from dunglas

@lyrixx lyrixx Awaiting requested review from lyrixx

@sroze sroze Awaiting requested review from sroze

@wouterj wouterj Awaiting requested review from wouterj

@xabbuh xabbuh Awaiting requested review from xabbuh

@yceruto yceruto Awaiting requested review from yceruto

Assignees
No one assigned
Labels
Bug Ldap Status: Reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@astepin @carsonbot @jderusse @nicolas-grekas @OskarStark