diff --git a/changelog/unreleased/bump-reva.md b/changelog/unreleased/bump-reva.md
index 5751ff4e104..936d95d4022 100644
--- a/changelog/unreleased/bump-reva.md
+++ b/changelog/unreleased/bump-reva.md
@@ -7,3 +7,4 @@ https://github.com/owncloud/ocis/pull/6427
 https://github.com/owncloud/ocis/pull/7178
 https://github.com/owncloud/ocis/pull/7217
 https://github.com/owncloud/ocis/pull/7410
+https://github.com/owncloud/ocis/pull/7476
diff --git a/changelog/unreleased/fix-users-by-claim-lookup-binary-uuid.md b/changelog/unreleased/fix-users-by-claim-lookup-binary-uuid.md
new file mode 100644
index 00000000000..0bb87072011
--- /dev/null
+++ b/changelog/unreleased/fix-users-by-claim-lookup-binary-uuid.md
@@ -0,0 +1,9 @@
+Bugfix: GetUserByClaim fixed for Active Directory
+
+The reva ldap backend for the users and groups service did not hex escape
+binary uuids in LDAP filter correctly this could cause problems in Active
+Directory setups for services using the GetUserByClaim CS3 request with claim
+"userid".
+
+https://github.com/owncloud/ocis/pull/7476
+https://github.com/owncloud/ocis/issues/7469
diff --git a/go.mod b/go.mod
index ef3531cf515..506d25bb518 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/coreos/go-oidc v2.2.1+incompatible
 github.com/coreos/go-oidc/v3 v3.6.0
 github.com/cs3org/go-cs3apis v0.0.0-20230727093620-0f4399be4543
- github.com/cs3org/reva/v2 v2.16.1-0.20231011081722-044d686b88e1
+ github.com/cs3org/reva/v2 v2.16.1-0.20231012102459-2b27cd47ab72
 github.com/disintegration/imaging v1.6.2
 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
 github.com/egirna/icap-client v0.1.1
diff --git a/go.sum b/go.sum
index 5a284871a29..77e8ecaa0a5 100644
--- a/go.sum
+++ b/go.sum
@@ -1013,8 +1013,8 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc= github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA= -github.com/cs3org/reva/v2 v2.16.1-0.20231011081722-044d686b88e1 h1:Efy7Yx7zyqtCmGhR6qRhSmvjNSxnPt69LF0UyV9kd9U= -github.com/cs3org/reva/v2 v2.16.1-0.20231011081722-044d686b88e1/go.mod h1:6M5k4UvGUgZh31t4r70RwbesW+w2EM/gd/gpuQZxAPg= +github.com/cs3org/reva/v2 v2.16.1-0.20231012102459-2b27cd47ab72 h1:53M+ldLYQSxl/iJokKfOUmY0ntMhnATQu9cBZE1X53k= +github.com/cs3org/reva/v2 v2.16.1-0.20231012102459-2b27cd47ab72/go.mod h1:6M5k4UvGUgZh31t4r70RwbesW+w2EM/gd/gpuQZxAPg= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/trace/trace.go b/vendor/github.com/cs3org/reva/v2/pkg/trace/trace.go
index e3af4e2f347..b613b23a680 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/trace/trace.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/trace/trace.go
@@ -85,6 +85,8 @@ func NewTracerProvider(opts ...Option) trace.TracerProvider {
 // SetDefaultTracerProvider sets the default trace provider
 func SetDefaultTracerProvider(tp trace.TracerProvider) {
 otel.SetTracerProvider(tp)
+ defaultProvider.mutex.Lock()
+ defer defaultProvider.mutex.Unlock()
 defaultProvider.initialized = true
 }
diff --git a/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go b/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go
index 3f3c4a8a5e8..f438d332036 100644
--- a/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go
+++ b/vendor/github.com/cs3org/reva/v2/pkg/utils/ldap/identity.go
@@ -526,7 +526,7 @@ func (i *Identity) getUserAttributeFilter(attribute, value string) (string, erro
 default:
 return "", errors.New("ldap: invalid field " + attribute)
 }
- if attribute == "userid" && i.User.Schema.IDIsOctetString {
+ if attribute == i.User.Schema.ID && i.User.Schema.IDIsOctetString {
 id, err := uuid.Parse(value)
 if err != nil {
 err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))
@@ -687,7 +687,7 @@ func (i *Identity) getGroupAttributeFilter(attribute, value string) (string, err
 default:
 return "", errors.New("ldap: invalid field " + attribute)
 }
- if attribute == "group_id" && i.Group.Schema.IDIsOctetString {
+ if attribute == i.Group.Schema.ID && i.Group.Schema.IDIsOctetString {
 id, err := uuid.Parse(value)
 if err != nil {
 err := errors.Wrap(err, fmt.Sprintf("error parsing OpaqueID '%s' as UUID", value))
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 878f80f5f22..bda735cde73 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -357,7 +357,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.16.1-0.20231011081722-044d686b88e1 +# github.com/cs3org/reva/v2 v2.16.1-0.20231012102459-2b27cd47ab72 ## explicit; go 1.20 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime