bug symfony#58144 [Ldap] fail if whoami() is called before `saslBin…
…d()` (xabbuh)

This PR was merged into the 7.2 branch.

Discussion
----------

[Ldap] fail if `whoami()` is called before `saslBind()`

| Q             | A
| ------------- | ---
| Branch?       | 7.2
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        |
| License       | MIT

Commits
-------

734ce16 fail if whoami() is called before saslBind()
fabpot committed Sep 6, 2024
2 parents 9e81345 + 734ce16 commit 542891f
Showing 2 changed files with 32 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php
Expand Up @@ -18,6 +18,7 @@
use Symfony\Component\Ldap\Exception\ConnectionTimeoutException;
use Symfony\Component\Ldap\Exception\InvalidCredentialsException;
use Symfony\Component\Ldap\Exception\LdapException;
use Symfony\Component\Ldap\Exception\NotBoundException;
use Symfony\Component\OptionsResolver\Options;
use Symfony\Component\OptionsResolver\OptionsResolver;

Expand Down Expand Up @@ -116,6 +117,10 @@ public function saslBind(?string $dn = null, #[\SensitiveParameter] ?string $pas
*/
public function whoami(): string
{
if (!$this->connection) {
throw new NotBoundException(\sprintf('Cannot execute "%s()" before calling "%s::saslBind()".', __METHOD__, __CLASS__));
}

if (false === $authzId = ldap_exop_whoami($this->connection)) {
throw new LdapException(ldap_error($this->connection));
}
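Review bot: The new guard `if (!$this->connection)` in whoami() checks that a connection handle exists, not that a bind succeeded, even though it throws NotBoundException. If the handle is assigned before the bind completes (saslBind()'s body is outside this hunk, so this is inferred), a saslBind() that throws for bad credentials leaves the handle set, and a later whoami() passes the guard and runs `ldap_exop_whoami()` on an unauthenticated session. Callers that treat the returned authzId as a proven identity would then receive an anonymous or empty value instead of an exception. If the class tracks bind state separately from the handle, test that instead, e.g. `if (!$this->isBound()) {`, and add `@throws NotBoundException` to the docblock above whoami(). The method's return statement lies outside the hunk.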
27 changes: 27 additions & 0 deletions src/Symfony/Component/Ldap/Tests/Adapter/ExtLdap/AdapterTest.php
Expand Up @@ -39,12 +39,39 @@ public function testLdapEscape()
*/
public function testSaslBind()
{
$h = @ldap_connect(getenv('LDAP_HOST'), getenv('LDAP_PORT'));
@ldap_set_option($h, \LDAP_OPT_PROTOCOL_VERSION, 3);

if (!$h || !@ldap_bind($h)) {
$this->markTestSkipped('No server is listening on LDAP_HOST:LDAP_PORT');
}

if (!@ldap_start_tls($h)) {
ldap_unbind($h);
$this->markTestSkipped('Cannot establish an encrypted connection');
}

ldap_unbind($h);

$ldap = new Adapter($this->getLdapConfig());

$ldap->getConnection()->saslBind('cn=admin,dc=symfony,dc=com', 'symfony');
$this->assertEquals('cn=admin,dc=symfony,dc=com', $ldap->getConnection()->whoami());
}

/**
* @group functional
*/
public function testWhoamiWithoutSaslBind()
{
$ldap = new Adapter($this->getLdapConfig());

$this->expectException(NotBoundException::class);
$this->expectExceptionMessage('Cannot execute "Symfony\Component\Ldap\Adapter\ExtLdap\Connection::whoami()" before calling "Symfony\Component\Ldap\Adapter\ExtLdap\Connection::saslBind()".');

$ldap->getConnection()->whoami();
}

/**
* @group functional
*/
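Review bot: In testSaslBind the probe handle is used before it is checked: `@ldap_set_option($h, \LDAP_OPT_PROTOCOL_VERSION, 3);` runs ahead of `if (!$h || !@ldap_bind($h))`. The `@` operator silences warnings but not a TypeError, so on PHP 8 a `false` return from ldap_connect() would error the test instead of skipping it. Put a separate guard first, `if (!$h) { $this->markTestSkipped('No server is listening on LDAP_HOST:LDAP_PORT'); }`, and set the protocol option only after it. Separately, testWhoamiWithoutSaslBind pins only the case where nothing was called on the connection; a companion case that calls whoami() after a saslBind() rejected for bad credentials would pin what an unauthenticated session yields.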