From 8707682e3a4bc777e0c34ad430f1017625e6fff4 Mon Sep 17 00:00:00 2001 From: papillon326 Date: Tue, 6 Nov 2018 17:35:58 +0900 Subject: [PATCH 1/2] MDL-63887 auth_ldap: changed variable names to be conform to core --- auth/ldap/auth.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index cd9e347d4bb0f..0d1bf9296a7cd 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -698,8 +698,8 @@ function sync_users($do_updates=true) { array_push($contexts, $this->config->create_context); } - $ldap_pagedresults = ldap_paged_results_supported($this->config->ldap_version, $ldapconnection); - $ldap_cookie = ''; + $ldappagedresults = ldap_paged_results_supported($this->config->ldap_version, $ldapconnection); + $ldapcookie = ''; foreach ($contexts as $context) { $context = trim($context); if (empty($context)) { @@ -707,23 +707,23 @@ function sync_users($do_updates=true) { } do { - if ($ldap_pagedresults) { - ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldap_cookie); + if ($ldappagedresults) { + ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldapcookie); } if ($this->config->search_sub) { // Use ldap_search to find first user from subtree. - $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); + $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); } else { // Search only in this context. - $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); + $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); } - if(!$ldap_result) { + if (!$ldapresult) { continue; } - if ($ldap_pagedresults) { - ldap_control_paged_result_response($ldapconnection, $ldap_result, $ldap_cookie); + if ($ldappagedresults) { + ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie); } - if ($entry = @ldap_first_entry($ldapconnection, $ldap_result)) { + if ($entry = @ldap_first_entry($ldapconnection, $ldapresult)) { do { $value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute); $value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8'); @@ -731,13 +731,13 @@ function sync_users($do_updates=true) { $this->ldap_bulk_insert($value); } while ($entry = ldap_next_entry($ldapconnection, $entry)); } - unset($ldap_result); // Free mem. - } while ($ldap_pagedresults && $ldap_cookie !== null && $ldap_cookie != ''); + unset($ldapresult); // Free mem. + } while ($ldappagedresults && $ldapcookie !== null && $ldapcookie != ''); } // If LDAP paged results were used, the current connection must be completely // closed and a new one created, to work without paged results from here on. - if ($ldap_pagedresults) { + if ($ldappagedresults) { $this->ldap_close(true); $ldapconnection = $this->ldap_connect(); } From 43dcb956ba14802cae6baab1ce9fe6ccd83e0e0b Mon Sep 17 00:00:00 2001 From: papillon326 Date: Thu, 6 Dec 2018 14:51:00 +0800 Subject: [PATCH 2/2] MDL-63887 auth_ldap: avoid infinite loop when search limit is reached --- auth/ldap/auth.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 0d1bf9296a7cd..b3015d4e20fa4 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -721,7 +721,12 @@ function sync_users($do_updates=true) { continue; } if ($ldappagedresults) { - ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie); + $pagedresp = ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie); + // Function ldap_control_paged_result_response() does not overwrite $ldapcookie if it fails, by + // setting this to null we avoid an infinite loop. + if ($pagedresp === false) { + $ldapcookie = null; + } } if ($entry = @ldap_first_entry($ldapconnection, $ldapresult)) { do {