fix(core): Add disableSubgroups option in SOGoUserSources LDAP settings to avoid infinite recursive loop when using a group name with the same name as a member. Fixes #5913

smizrahi
2024-02-28 11:08:23 +01:00
parent 8267b5afd3
commit fd9b8dcfcd
3 changed files with 28 additions and 7 deletions


@@ -1270,6 +1270,10 @@ Defaults to `YES` when unset.
|globalAddressBookFirstEntriesCount (optional)
|Number of entries displayed when `listRequiresDot` is enabled. Default value is `-1` (all records). If source is LDAP, the LDAP overlay sssvlv must be enabled on the system for server side sorting.
|disableSubgroups (optional)
|If set to `YES`, disable recursive search. Consider this option when groups have the same name than a member (https://bugs.sogo.nu/view.php?id=5913).
Defaults to `NO` when unset.
|ModulesConstraints (optional)
|Limits the access of any module through a constraint based on an LDAP
attribute; must be a dictionary with keys `Mail`, and/or `Calendar`,


@@ -66,6 +66,8 @@
BOOL _listRequiresDot;
int _globalAddressBookFirstEntriesCount;
BOOL _disableSubgroups;
NSString *_domain;
NSString *_contactInfoAttribute;
BOOL _groupExpansionEnabled;


@@ -108,6 +108,8 @@ static Class NSStringK;
_listRequiresDot = YES;
_globalAddressBookFirstEntriesCount = -1;
_disableSubgroups = NO;
_passwordPolicy = NO;
_updateSambaNTLMPasswords = NO;
_lookupFields = [NSArray arrayWithObject: @"*"];
@@ -171,7 +173,7 @@ static Class NSStringK;
inDomain: (NSString *) sourceDomain
{
SOGoDomainDefaults *dd;
NSNumber *udQueryLimit, *udQueryTimeout, *udGroupExpansionEnabled, *dotValue;
NSNumber *udQueryLimit, *udQueryTimeout, *udGroupExpansionEnabled, *dotValue, *disableSubgroupsValue;
if ((self = [self init]))
{
@@ -207,6 +209,10 @@ static Class NSStringK;
[self setGlobalAddressBookFirstEntriesCount: [[udSource objectForKey: @"globalAddressBookFirstEntriesCount"] intValue]];
}
disableSubgroupsValue = [udSource objectForKey: @"disableSubgroups"];
if (disableSubgroupsValue)
_disableSubgroups = [disableSubgroupsValue boolValue];
[self setContactMapping: [udSource objectForKey: @"mapping"]
andObjectClasses: [udSource objectForKey: @"objectClasses"]];
@@ -2355,16 +2361,21 @@ _makeLDAPChanges (NGLdapConnection *ldapConnection,
user = [SOGoUser userWithLogin: login roles: nil];
if (user)
{
contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
if ([contactInfos objectForKey: @"isGroup"])
if (!_disableSubgroups) {
contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
if ([contactInfos objectForKey: @"isGroup"])
{
subusers = [self membersForGroupWithUID: login];
[members addObjectsFromArray: subusers];
}
else
else
{
[members addObject: user];
}
} else {
[members addObject: user];
}
}
[pool release];
}
@@ -2377,16 +2388,20 @@ _makeLDAPChanges (NGLdapConnection *ldapConnection,
user = [SOGoUser userWithLogin: login roles: nil];
if (user)
{
contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
if ([contactInfos objectForKey: @"isGroup"])
if (!_disableSubgroups) {
contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
if ([contactInfos objectForKey: @"isGroup"])
{
subusers = [self membersForGroupWithUID: login];
[members addObjectsFromArray: subusers];
}
else
else
{
[members addObject: user];
}
} else {
[members addObject: user];
}
}
[pool release];
}
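Review bot: With `disableSubgroups` left at its default of `NO`, the `isGroup` branch in both member-expansion hunks (old lines 2355 and 2377) still calls `[self membersForGroupWithUID: login]` with no cycle check, so the directory layout described in #5913 keeps recursing on every deployment that has not opted in. Because the trigger is directory data rather than configuration, this remains an availability risk that anyone able to edit group membership can reach. The enclosing method starts outside these hunks; if it is `membersForGroupWithUID:` itself, as the recursive call suggests, a guard on the group branch would close the self-reference case without giving up nested groups, e.g. `if ([contactInfos objectForKey: @"isGroup"] && ![login isEqualToString: GROUP_UID_ARGUMENT])`, where `GROUP_UID_ARGUMENT` is a placeholder for the method's own group UID parameter. Longer cycles (group A containing group B containing A) would need a set of already-visited UIDs threaded through the recursion. The new `if (!_disableSubgroups) { … } else { … }` also repeats `[members addObject: user];` in two branches, which a single combined condition would avoid.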