From f4963df50f9aca4ebf7dc49b54d6de5159eaa347 Mon Sep 17 00:00:00 2001
From: Ludovic Marcotte
Date: Tue, 19 May 2015 13:48:59 -0400
Subject: [PATCH 1/5] (fix) avoid appending the domain unconditionally when SOGoEnableDomainBasedUID is set to YES
---
 SoObjects/SOGo/SOGoUserFolder.m | 3 ++-
 SoObjects/SOGo/SOGoUserManager.m | 3 ++-
 UI/MainUI/SOGoRootPage.m | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/SoObjects/SOGo/SOGoUserFolder.m b/SoObjects/SOGo/SOGoUserFolder.m
index ba8414b81..2a44128e8 100644
--- a/SoObjects/SOGo/SOGoUserFolder.m
+++ b/SoObjects/SOGo/SOGoUserFolder.m
@@ -427,7 +427,8 @@
 {
 currentUser = [users objectAtIndex: i];
 field = [currentUser objectForKey: @"c_uid"];
- if (enableDomainBasedUID)
+ if (enableDomainBasedUID &&
+ [field rangeOfString: @"@"].location == NSNotFound)
 field = [NSString stringWithFormat: @"%@@%@", field, domain];
 if (![field isEqualToString: login])
 {
diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index 125ca3fcc..fd8105c0b 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -622,7 +622,8 @@ static Class NSNullK;
 // internal cache.
 [currentUser setObject: [newPassword asSHA1String] forKey: @"password"];
 sd = [SOGoSystemDefaults sharedSystemDefaults];
- if ([sd enableDomainBasedUID])
+ if ([sd enableDomainBasedUID] &&
+ [login rangeOfString: @"@"].location == NSNotFound)
 userLogin = [NSString stringWithFormat: @"%@@%@", login, domain];
 else
 userLogin = login;
diff --git a/UI/MainUI/SOGoRootPage.m b/UI/MainUI/SOGoRootPage.m
index df3e944b1..dc9712e88 100644
--- a/UI/MainUI/SOGoRootPage.m
+++ b/UI/MainUI/SOGoRootPage.m
@@ -228,7 +228,8 @@
 if ([domain isNotNull])
 {
 sd = [SOGoSystemDefaults sharedSystemDefaults];
- if ([sd enableDomainBasedUID])
+ if ([sd enableDomainBasedUID] &&
+ [username rangeOfString: @"@"].location == NSNotFound)
 username = [NSString stringWithFormat: @"%@@%@", username, domain];
 }
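Review bot: The new guard in the SOGoUserFolder.m hunk, `[field rangeOfString: @"@"].location == NSNotFound`, only tests that some "@" is present, not that the value already ends in the configured domain, so a value such as `name@other` passes through without `domain` being applied. If that is not intended, comparing the suffix is tighter: `[field hasSuffix: [@"@" stringByAppendingString: domain]]`. The same expression is repeated in the SOGoUserManager.m hunk, in both SOGoRootPage.m hunks (where `username` appears to come from the login request) and again in patch 4/5, so a single helper would keep the five call sites from drifting apart. The enclosing methods start and end outside these hunks.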
@@ -587,7 +588,8 @@ if ([domain isNotNull]) { sd = [SOGoSystemDefaults sharedSystemDefaults]; - if ([sd enableDomainBasedUID]) + if ([sd enableDomainBasedUID] && + [username rangeOfString: @"@"].location == NSNotFound) username = [NSString stringWithFormat: @"%@@%@", username, domain]; } From 020c8959258928a1e99ec4dafb2e1dedf8eeb9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?= Date: Wed, 20 May 2015 11:44:06 +0200 Subject: [PATCH 2/5] Avoid uid+attributes entries on shared cache In multidomain environments this will produce that info@domain1.com can read info@domain2.com emails when info@domain2.com log in after info@domain1.com is already logged in. If multidomain is not enabled, this action is not needed because uid+attributes has been already saved on shared cache --- SoObjects/SOGo/SOGoUserManager.m | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m index fd8105c0b..499832780 100644 --- a/SoObjects/SOGo/SOGoUserManager.m +++ b/SoObjects/SOGo/SOGoUserManager.m 
@@ -776,24 +776,20 @@ static Class NSNullK; withLogin: (NSString *) login { NSEnumerator *emails; - NSString *key; - - [[SOGoCache sharedCache] - setUserAttributes: [newUser jsonRepresentation] - forLogin: login]; + NSString *key, *user_json; + + user_json = [newUser jsonRepresentation]; + [[SOGoCache sharedCache] setUserAttributes: user_json + forLogin: login]; if (![newUser isKindOfClass: NSNullK]) { - key = [newUser objectForKey: @"c_uid"]; - if (key && ![key isEqualToString: login]) - [[SOGoCache sharedCache] - setUserAttributes: [newUser jsonRepresentation] - forLogin: key]; - emails = [[newUser objectForKey: @"emails"] objectEnumerator]; while ((key = [emails nextObject])) - [[SOGoCache sharedCache] - setUserAttributes: [newUser jsonRepresentation] - forLogin: key]; + { + if (![key isEqualToString: login]) + [[SOGoCache sharedCache] setUserAttributes: user_json + forLogin: key]; + } } } From 76dd53b4619c833ade32a54b0cdcdd545a0d36e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?= Date: Wed, 20 May 2015 12:30:05 +0200 Subject: [PATCH 3/5] Fix conflicts with externalLoginWithEmail + DomainBasedUid On multidomain environment (SOGoEnableDomainBasedUID) with email for imap authentication (SOGoForceExternalLoginWithEmail) we need to use uid@domain instead of just uid in method getEmailForUID --- SoObjects/SOGo/SOGoUserManager.m | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m index 499832780..d41d57f08 100644 --- a/SoObjects/SOGo/SOGoUserManager.m +++ b/SoObjects/SOGo/SOGoUserManager.m @@ -362,6 +362,7 @@ static Class NSNullK; NSDictionary *contactInfos; NSString *login; SOGoDomainDefaults *dd; + SOGoSystemDefaults *sd; contactInfos = [self contactInfosForUserWithUIDorEmail: uid inDomain: domain]; 
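Review bot: Nothing in the rewritten body of the `-776` hunk records why the bare `c_uid` is no longer used as a key in the shared cache, and the removed block looks like an ordinary convenience that a later cleanup could restore. A comment above the `emails` loop would keep the reason next to the code: `// Do not key the shared cache on c_uid: with SOGoEnableDomainBasedUID the same uid can exist in several domains and a later login would read the other user's attributes.` The e-mail keys written in the loop are still shared across domains, so this presumably relies on addresses being unique per user; saying so in the comment would help. The method's signature starts above the hunk.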
@@ -372,10 +373,22 @@ static Class NSNullK; dd = [SOGoDomainDefaults defaultsForDomain: domain]; else dd = [SOGoSystemDefaults sharedSystemDefaults]; - - login = [dd forceExternalLoginWithEmail] ? [self getEmailForUID: uid] : uid; + + if ([dd forceExternalLoginWithEmail]) + { + sd = [SOGoSystemDefaults sharedSystemDefaults]; + if ([sd enableDomainBasedUID]) + // On multidomain environment we must use uid@domain + // for getEmailForUID method + login = [NSString stringWithFormat: @"%@@%@", uid, domain]; + else + login = uid; + login = [self getEmailForUID: login]; + } + else + login = uid; } - + return login; } From cc62576fef5e64fe2fce97937fc5e64fa574413b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?= Date: Wed, 20 May 2015 12:31:25 +0200 Subject: [PATCH 4/5] Avoid cache entries with uid@domain@domain prefix Depend of the current workflow these paths are reached with username as uid and sometimes as uid@domain. So in multidomain environments only append @domain when needed. --- SoObjects/SOGo/SOGoUserManager.m | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m index d41d57f08..356bebfca 100644 --- a/SoObjects/SOGo/SOGoUserManager.m +++ b/SoObjects/SOGo/SOGoUserManager.m 
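Review bot: In the new `if ([sd enableDomainBasedUID])` branch the login is always built as `uid@domain`, without the "@" test that patch 1/5 adds at the other call sites and without checking `domain`; the `else dd = [SOGoSystemDefaults sharedSystemDefaults]` context suggests `domain` can be unset on this path, which would hand `getEmailForUID:` a login with an empty or placeholder domain part. A guarded condition covers both cases: `if ([sd enableDomainBasedUID] && [domain length] && [uid rangeOfString: @"@"].location == NSNotFound)`. The brace-less `if`/`else` with two comment lines between the condition and its statement is also easy to misread, and braces would make the scope explicit. The method begins outside the hunk.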
@@ -492,23 +492,17 @@ static Class NSNullK; NSString *dictPassword, *username, *jsonUser; SOGoSystemDefaults *dd; BOOL checkOK; - - // We check for cached passwords. If the entry is cached, we - // check this immediately. If not, we'll go directly at the - // authentication source and try to validate there, then cache it. - if (*_domain != nil) + + if (*_domain && [_login rangeOfString: @"@"].location == NSNotFound) username = [NSString stringWithFormat: @"%@@%@", _login, *_domain]; else username = _login; - failedCount = [[SOGoCache sharedCache] failedCountForLogin: username]; - dd = [SOGoSystemDefaults sharedSystemDefaults]; - - // // We check the fail count per user in memcache (per server). If the // fail count reaches X in Y minutes, we deny immediately the // authentications for Z minutes - // + failedCount = [[SOGoCache sharedCache] failedCountForLogin: username]; + dd = [SOGoSystemDefaults sharedSystemDefaults]; if (failedCount) { unsigned int current_time, start_time, delta, block_time; @@ -534,7 +528,9 @@ static Class NSNullK; } } - + // We check for cached passwords. If the entry is cached, we + // check this immediately. If not, we'll go directly at the + // authentication source and try to validate there, then cache it. jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username]; currentUser = [jsonUser objectFromJSONString]; dictPassword = [currentUser objectForKey: @"password"]; From 7dc333e79013cccc730284151acfe575a2e73af6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?= Date: Wed, 20 May 2015 15:24:00 +0200 Subject: [PATCH 5/5] Fix warning distinct Objective-C type failedCount is a NSDictionary *, not NSMutableDictionary * --- SoObjects/SOGo/SOGoUserManager.m | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m index 356bebfca..2cbd2bafa 100644 --- a/SoObjects/SOGo/SOGoUserManager.m +++ b/SoObjects/SOGo/SOGoUserManager.m 
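Review bot: `username` computed at the top of this hunk is the key for both `failedCountForLogin:` and `userAttributesForLogin:`, but the new condition carries no comment saying so, and the comment that used to sit above it was moved further down. The failed-login counter and the cached password only work as intended if every spelling of a login maps to one key, so a short comment would help: `// Canonical cache key: _login may arrive as uid or uid@domain; both must yield the same key for the fail counter and the password cache.` Whether differently cased logins are normalised before this point cannot be told from the hunk and is worth confirming. The method continues past the hunk.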
@@ -488,7 +488,8 @@ static Class NSNullK;
 grace: (int *) _grace
 useCache: (BOOL) useCache
 {
- NSMutableDictionary *currentUser, *failedCount;
+ NSMutableDictionary *currentUser;
+ NSDictionary *failedCount;
 NSString *dictPassword, *username, *jsonUser;
 SOGoSystemDefaults *dd;
 BOOL checkOK;