From ec1b45cc38c58a408649ca846e3f4eccede7a336 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Fri, 24 Jul 2020 18:24:44 +0200
Subject: [PATCH] query numeric attribute values without quotes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some LDAP properties like `uidnumber` and `gidnumber` are numeric. When an OS tries to look up a user it will not only try to lookup the user by username, but also by the `uidnumber`: `(&(objectclass=posixAccount)(uidnumber=20000))`. The accounts backend for glauth was sending that as a string query `uid_number eq '20000'` in the ListAccounts query. This PR changes that to `uid_number eq 20000`. The removed quotes allow the parser in ocis-accounts to identify the numeric literal.
Related:
- https://github.com/owncloud/ocis-accounts/pull/68
- https://github.com/owncloud/ocis-glauth/issues/28
Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/fix-int-queries.md | 7 +++++++
 pkg/server/glauth/handler.go | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 changelog/unreleased/fix-int-queries.md
diff --git a/changelog/unreleased/fix-int-queries.md b/changelog/unreleased/fix-int-queries.md
new file mode 100644
index 000000000..3c3e98d24
--- /dev/null
+++ b/changelog/unreleased/fix-int-queries.md
@@ -0,0 +1,7 @@
+Bugfix: query numeric attribute values without quotes
+
+Some LDAP properties like `uidnumber` and `gidnumber` are numeric. When an OS tries to look up a user it will not only try to lookup the user by username, but also by the `uidnumber`: `(&(objectclass=posixAccount)(uidnumber=20000))`. The accounts backend for glauth was sending that as a string query `uid_number eq '20000'` in the ListAccounts query. This PR changes that to `uid_number eq 20000`. The removed quotes allow the parser in ocis-accounts to identify the numeric literal.
+
+https://github.com/owncloud/ocis-glauth/issues/28
+https://github.com/owncloud/ocis-glauth/pull/29
+https://github.com/owncloud/ocis-accounts/pull/68
\ No newline at end of file
diff --git a/pkg/server/glauth/handler.go b/pkg/server/glauth/handler.go
index dcadb1a28..ed7fab173 100644
--- a/pkg/server/glauth/handler.go
+++ b/pkg/server/glauth/handler.go
@@ -224,6 +224,7 @@ func (h ocisHandler) mapAccounts(accounts []*accounts.Account) []*ldap.Entry {
 attribute("cn", accounts[i].PreferredName),
 attribute("uid", accounts[i].PreferredName),
 attribute("sn", accounts[i].PreferredName),
+ attribute("homeDirectory", ""),
 attribute("ownCloudUUID", accounts[i].Id), // see https://github.com/butonic/owncloud-ldap-schema/blob/master/owncloud.schema#L28-L34
 }
 if accounts[i].DisplayName != "" {
@@ -330,9 +331,9 @@ func parseFilter(f *ber.Packet) (qtype queryType, q string, err error) {
 case "displayname":
 q = fmt.Sprintf("display_name eq '%s'", escapeValue(value))
 case "uidnumber":
- q = fmt.Sprintf("uid_number eq '%s'", escapeValue(value))
+ q = fmt.Sprintf("uid_number eq %s", value) // TODO check it is a number?
 case "gidnumber":
- q = fmt.Sprintf("gid_number eq '%s'", escapeValue(value))
+ q = fmt.Sprintf("gid_number eq %s", value) // TODO check it is a number?
 case "description":
 q = fmt.Sprintf("description eq '%s'", escapeValue(value))
 default:
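Review bot: The added `attribute("homeDirectory", "")` line in mapAccounts carries no comment, and neither the commit message nor the changelog entry mentions it, so the reason every returned entry now has an empty homeDirectory is not recorded. If the intent is to satisfy the posixAccount object class (an assumption, the hunk does not say), a comment on that line would make it reviewable, for example `// posixAccount requires homeDirectory; accounts has no value for it yet, so it is sent empty`. It is also worth confirming how the consuming clients treat an empty home directory before relying on this placeholder. The body of mapAccounts starts and ends outside the hunk.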
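Review bot: The new `uidnumber` and `gidnumber` cases in parseFilter format the LDAP filter value into the ListAccounts query with the quotes and the `escapeValue` call both removed, so the value a client sends becomes query text as-is; the `// TODO check it is a number?` comments name the gap but the check itself is missing. Both cases should parse the value as an unsigned integer, return an error when that fails, and format the parsed number rather than the original string, so only digits can reach the query. The sketch below assumes `strconv` can be imported in handler.go and that returning an error from parseFilter is how other malformed filters are reported; neither is visible here, and parseFilter starts and ends outside the hunk.

```go
// … unchanged: displayname case …
case "uidnumber":
	n, perr := strconv.ParseUint(value, 10, 64)
	if perr != nil {
		return qtype, "", fmt.Errorf("uidnumber filter value %q is not numeric", value)
	}
	q = fmt.Sprintf("uid_number eq %d", n)
case "gidnumber":
	n, perr := strconv.ParseUint(value, 10, 64)
	if perr != nil {
		return qtype, "", fmt.Errorf("gidnumber filter value %q is not numeric", value)
	}
	q = fmt.Sprintf("gid_number eq %d", n)
// … unchanged: description and default cases …
```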