upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Merge pull request #32284 from nextcloud/backport/32246/stable23

Browse source 
[stable23] Don't use hash to check if binding worked
This commit is contained in:
Côme Chilliet 2022-05-09 09:31:09 +02:00 committed by GitHub
commit 47a34c0961
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
apps/user_ldap/lib/Connection.php
View file

@ -125,7 +125,7 @@ class Connection extends LDAPUtility {
protected $ignoreValidation = false;
/**
* @var array{dn?: mixed, hash?: string, result?: bool}
* @var array{sum?: string, result?: bool}
*/
protected $bindResult = [];
@ -669,11 +669,7 @@ class Connection extends LDAPUtility {
if (
count($this->bindResult) !== 0
&& $this->bindResult['dn'] === $this->configuration->ldapAgentName
&& \OC::$server->getHasher()->verify(
$this->configPrefix . $this->configuration->ldapAgentPassword,
$this->bindResult['hash']
)
&& $this->bindResult['sum'] === md5($this->configuration->ldapAgentName . $this->configPrefix . $this->configuration->ldapAgentPassword)
) {
// don't attempt to bind again with the same data as before
// bind might have been invoked via getConnectionResource(),
@ -686,8 +682,7 @@ class Connection extends LDAPUtility {
$this->configuration->ldapAgentPassword);
$this->bindResult = [
'dn' => $this->configuration->ldapAgentName,
'hash' => \OC::$server->getHasher()->hash($this->configPrefix . $this->configuration->ldapAgentPassword),
'sum' => md5($this->configuration->ldapAgentName . $this->configPrefix . $this->configuration->ldapAgentPassword),
'result' => $ldapLogin,
];