Fix some LDAP URIs failing is_valid_domain_name check
figureone committed Nov 19, 2019
1 parent 1d1a56b commit 1eb05bc
Showing 2 changed files with 14 additions and 23 deletions.
19 changes: 14 additions & 5 deletions src/authorizer/class-authentication.php
Expand Up @@ -575,10 +575,12 @@ protected function custom_authenticate_ldap( $auth_settings, $username, $passwor
// the form ldap://hostname:port or ldaps://hostname:port.
$ldap_port = intval( $auth_settings['ldap_port'] );
$parsed_host = wp_parse_url( $ldap_host );
// Fail (fall back to WordPress auth) if invalid host is specified.
if ( false === $parsed_host || ! Helper::is_valid_domain_name( $ldap_host ) ) {

// Fail if invalid host is specified.
if ( false === $parsed_host ) {
continue;
}

// If a scheme is in the LDAP host, use full LDAP URI instead of just hostname.
if ( array_key_exists( 'scheme', $parsed_host ) ) {
// If the port isn't in the LDAP URI, use the one in the LDAP port field.
Expand All @@ -588,11 +590,18 @@ protected function custom_authenticate_ldap( $auth_settings, $username, $passwor
$ldap_host = Helper::build_url( $parsed_host );
}

// Establish LDAP connection.
// Create LDAP connection.
$ldap = ldap_connect( $ldap_host, $ldap_port );
ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 );
if ( 1 === intval( $auth_settings['ldap_tls'] ) ) {
if ( ! ldap_start_tls( $ldap ) ) {

// Fail if we don't have a plausible LDAP URI.
if ( false === $ldap ) {
continue;
}

// Attempt to start TLS if that setting is checked and we're not using ldaps protocol.
if ( 1 === intval( $auth_settings['ldap_tls'] ) && false === strpos( $ldap_host, 'ldaps://' ) ) {
if ( ! @ldap_start_tls( $ldap ) ) {
continue;
}
}
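Review bot: The new `false === $ldap` guard sits below `ldap_set_option( $ldap, LDAP_OPT_PROTOCOL_VERSION, 3 );`, so when `ldap_connect` rejects the URI the option call still runs on `false` (a warning on PHP 7, a TypeError on PHP 8) before the `continue` is reached; move the guard to directly under the `$ldap = ldap_connect( $ldap_host, $ldap_port );` line. The ldaps detection `false === strpos( $ldap_host, 'ldaps://' )` matches the scheme anywhere in the string and is case-sensitive, so an `LDAPS://` host would get a StartTLS attempt that fails closed; testing the parsed scheme is tighter, e.g. `$is_ldaps = isset( $parsed_host['scheme'] ) && 'ldaps' === strtolower( $parsed_host['scheme'] );` and then `if ( 1 === intval( $auth_settings['ldap_tls'] ) && ! $is_ldaps ) {`. Because `@ldap_start_tls` now hides the failure, consider recording `ldap_error( $ldap )` before the `continue` so a certificate or downgrade problem is diagnosable instead of silently skipping this host. custom_authenticate_ldap begins before the first hunk and continues past the second.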
18 changes: 0 additions & 18 deletions src/authorizer/class-helper.php
Expand Up @@ -381,24 +381,6 @@ public static function build_url( $parts = array() ) {
}


/**
* Determine whether a domain name is valid.
*
* @param string $domain_name Name to test.
* @return boolean Whether the domain is valid.
*/
public static function is_valid_domain_name($domain_name) {
return (
// Valid characters check.
preg_match("/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i", $domain_name) &&
// Overall length check.
preg_match("/^.{1,253}$/", $domain_name) &&
// Length of each label check.
preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name)
);
}


/**
* Helper function to get a single user info array from one of the access
* control lists (pending, approved, or blocked).
