From 9922ec56d9d19eed61874a80b33975c3377043e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?=
Date: Wed, 20 May 2015 11:44:06 +0200
Subject: [PATCH 1/4] Avoid uid+attributes entries on shared cache

In multidomain environments this will produce that info@domain1.com can read info@domain2.com emails when info@domain2.com log in after info@domain1.com is already logged in. If multidomain is not enabled, this action is not needed because uid+attributes has been already saved on shared cache
---
 SoObjects/SOGo/SOGoUserManager.m | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index 6354a0cf4..6c10894de 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -806,24 +806,20 @@ static Class NSNullK;
 withLogin: (NSString *) login
 {
 NSEnumerator *emails;
- NSString *key;
-
- [[SOGoCache sharedCache]
- setUserAttributes: [newUser jsonRepresentation]
- forLogin: login];
+ NSString *key, *user_json;
+
+ user_json = [newUser jsonRepresentation];
+ [[SOGoCache sharedCache] setUserAttributes: user_json
+ forLogin: login];
 if (![newUser isKindOfClass: NSNullK])
 {
- key = [newUser objectForKey: @"c_uid"];
- if (key && ![key isEqualToString: login])
- [[SOGoCache sharedCache]
- setUserAttributes: [newUser jsonRepresentation]
- forLogin: key];
-
 emails = [[newUser objectForKey: @"emails"] objectEnumerator];
 while ((key = [emails nextObject]))
- [[SOGoCache sharedCache]
- setUserAttributes: [newUser jsonRepresentation]
- forLogin: key];
+ {
+ if (![key isEqualToString: login])
+ [[SOGoCache sharedCache] setUserAttributes: user_json
+ forLogin: key];
+ }
 }
 }

From 37461e650d1dca5106daea7e73bf0428211fc803 Mon Sep 17 00:00:00 2001
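Review bot: The email loop at the end of this hunk still writes `user_json` under every address in `emails`, and those keys live in the same shared-cache key space that login lookups read, so the cross-account exposure described in the commit message can presumably recur whenever an address listed for one account equals another account's login. The only guard, `![key isEqualToString: login]`, skips the account's own login and nothing else. I would restrict the loop to addresses that cannot be another account's login (for instance, with domain-based UIDs enabled, only addresses in the login's own domain), or at least record the invariant above the loop: `// Keys share the login key space: each address must be unique across all domains.` The method's signature starts above the hunk, so how `newUser` is populated is not visible here.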
From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?=
Date: Wed, 20 May 2015 12:30:05 +0200
Subject: [PATCH 2/4] Fix conflicts with externalLoginWithEmail + DomainBasedUid

On multidomain environment (SOGoEnableDomainBasedUID) with email for imap authentication (SOGoForceExternalLoginWithEmail) we need to use uid@domain instead of just uid in method getEmailForUID
---
 SoObjects/SOGo/SOGoUserManager.m | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index 6c10894de..52f7167ad 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -362,6 +362,7 @@ static Class NSNullK;
 NSDictionary *contactInfos;
 NSString *login;
 SOGoDomainDefaults *dd;
+ SOGoSystemDefaults *sd;
 contactInfos = [self contactInfosForUserWithUIDorEmail: uid inDomain: domain];
@@ -372,10 +373,22 @@ static Class NSNullK;
 dd = [SOGoDomainDefaults defaultsForDomain: domain];
 else
 dd = [SOGoSystemDefaults sharedSystemDefaults];
-
- login = [dd forceExternalLoginWithEmail] ? [self getEmailForUID: uid] : uid;
+
+ if ([dd forceExternalLoginWithEmail])
+ {
+ sd = [SOGoSystemDefaults sharedSystemDefaults];
+ if ([sd enableDomainBasedUID])
+ // On multidomain environment we must use uid@domain
+ // for getEmailForUID method
+ login = [NSString stringWithFormat: @"%@@%@", uid, domain];
+ else
+ login = uid;
+ login = [self getEmailForUID: login];
+ }
+ else
+ login = uid;
 }
-
+
 return login;
 }

From 04ce8d10665ca734fefcbb8cd5c217add4ab614b Mon Sep 17 00:00:00 2001
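Review bot: In the `[sd enableDomainBasedUID]` branch of the second hunk, `stringWithFormat: @"%@@%@"` is applied to `uid` and `domain` unchecked, so a nil `domain` yields `uid@(null)` and a `uid` that already carries its domain yields `uid@domain@domain`, the doubled form that patch 3/4 of this series guards against in another method. The context `else dd = [SOGoSystemDefaults sharedSystemDefaults];` suggests `domain` can be absent on this path, although the governing condition sits above the hunk. I would guard the append: `if ([sd enableDomainBasedUID] && [domain length] && [uid rangeOfString: @"@"].location == NSNotFound)`. Separately, the two comment lines between the brace-less `if` and its statement make the `if`/`else` pairing easy to misread; braces around both arms would help.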
From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?=
Date: Wed, 20 May 2015 12:31:25 +0200
Subject: [PATCH 3/4] Avoid cache entries with uid@domain@domain prefix

Depend of the current workflow this paths are reached with username as uid and sometimes as uid@domain. So in multidomain environments only append @domain when needed. Conflicts: SoObjects/SOGo/SOGoUserManager.m
---
 SoObjects/SOGo/SOGoUserManager.m | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index 52f7167ad..be7d21979 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -495,11 +495,11 @@ static Class NSNullK;
 dd = [SOGoSystemDefaults sharedSystemDefaults];
- // We check for cached passwords. If the entry is cached, we
- // check this immediately. If not, we'll go directly at the
- // authentication source and try to validate there, then cache it.
- if (*_domain != nil)
- username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
+ if (*_domain)
+ {
+ if ([_login rangeOfString: @"@"].location == NSNotFound)
+ username = [NSString stringWithFormat: @"%@@%@", _login, *_domain];
+ }
 else
 {
 NSRange r;
@@ -532,13 +532,10 @@ static Class NSNullK;
 }
 }
- failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
-
- //
 // We check the fail count per user in memcache (per server). If the
 // fail count reaches X in Y minutes, we deny immediately the
 // authentications for Z minutes
- //
+ failedCount = [[SOGoCache sharedCache] failedCountForLogin: username];
 if (failedCount)
 {
 unsigned int current_time, start_time, delta, block_time;
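Review bot: When `*_domain` is set and `_login` already contains `@`, the rewritten branch in the first hunk assigns nothing to `username`, yet `username` is then passed to `failedCountForLogin:` and `userAttributesForLogin:` further down. The declaration shown in patch 4/4 (`NSString *dictPassword, *username, *jsonUser;`) has no initializer and, judging by the line numbers, directly precedes this hunk, so on that path the failed-login throttle and the cached-password check are keyed on an indeterminate pointer (or on nil, if the file is built with ARC). Add the missing arm inside the new braces: `else username = _login;`. The `else` branch for a nil `*_domain` continues below the hunk and is not reviewed here.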
@@ -564,7 +561,9 @@ static Class NSNullK;
 }
 }
-
+ // We check for cached passwords. If the entry is cached, we
+ // check this immediately. If not, we'll go directly at the
+ // authentication source and try to validate there, then cache it.
 jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: username];
 currentUser = [jsonUser objectFromJSONString];
 dictPassword = [currentUser objectForKey: @"password"];

From 7990e23aaa2dfc4ade88309f8a53cfe9e23ccb80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Garc=C3=ADa=20S=C3=A1ez?=
Date: Wed, 20 May 2015 15:24:00 +0200
Subject: [PATCH 4/4] Fix warning distinct Objective-C type

failedCount is a NSDictionary *, not NSMutableDictionary *
---
 SoObjects/SOGo/SOGoUserManager.m | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/SoObjects/SOGo/SOGoUserManager.m b/SoObjects/SOGo/SOGoUserManager.m
index be7d21979..300ea7000 100644
--- a/SoObjects/SOGo/SOGoUserManager.m
+++ b/SoObjects/SOGo/SOGoUserManager.m
@@ -488,7 +488,8 @@ static Class NSNullK;
 grace: (int *) _grace
 useCache: (BOOL) useCache
 {
- NSMutableDictionary *currentUser, *failedCount;
+ NSMutableDictionary *currentUser;
+ NSDictionary *failedCount;
 NSString *dictPassword, *username, *jsonUser;
 SOGoSystemDefaults *dd;
 BOOL checkOK;