fix(core): Add disableSubgroups option in SOGoUserSources LDAP settin…

…gs to avoid infinite recursive loop when using a group name with the same name as a member. Fixes #5913
Alinto · Feb 28, 2024 · fd9b8dc · fd9b8dc
1 parent 8267b5a
commit fd9b8dc
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 7 deletions.
diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc
@@ -1270,6 +1270,10 @@ Defaults to `YES` when unset.
 |globalAddressBookFirstEntriesCount (optional)
 |Number of entries displayed when `listRequiresDot` is enabled. Default value is `-1` (all records). If source is LDAP, the LDAP overlay sssvlv must be enabled on the system for server side sorting.
 
+|disableSubgroups (optional)
+|If set to `YES`, disable recursive search. Consider this option when groups have the same name than a member (https://bugs.sogo.nu/view.php?id=5913).
+Defaults to `NO` when unset.
+
 |ModulesConstraints (optional)
 |Limits the access of any module through a constraint based on an LDAP
 attribute; must be a dictionary with keys `Mail`, and/or `Calendar`,

diff --git a/SoObjects/SOGo/LDAPSource.h b/SoObjects/SOGo/LDAPSource.h
@@ -66,6 +66,8 @@
   BOOL _listRequiresDot;
   int _globalAddressBookFirstEntriesCount;
 
+  BOOL _disableSubgroups;
+
   NSString *_domain;
   NSString *_contactInfoAttribute;
   BOOL _groupExpansionEnabled;

diff --git a/SoObjects/SOGo/LDAPSource.m b/SoObjects/SOGo/LDAPSource.m
@@ -108,6 +108,8 @@ - (id) init
       _listRequiresDot = YES;
       _globalAddressBookFirstEntriesCount = -1;
 
+      _disableSubgroups = NO;
+
       _passwordPolicy = NO;
       _updateSambaNTLMPasswords = NO;
       _lookupFields = [NSArray arrayWithObject: @"*"];
@@ -171,7 +173,7 @@ - (id) initFromUDSource: (NSDictionary *) udSource
                inDomain: (NSString *) sourceDomain
 {
   SOGoDomainDefaults *dd;
-  NSNumber *udQueryLimit, *udQueryTimeout, *udGroupExpansionEnabled, *dotValue;
+  NSNumber *udQueryLimit, *udQueryTimeout, *udGroupExpansionEnabled, *dotValue, *disableSubgroupsValue;
 
   if ((self = [self init]))
     {
@@ -207,6 +209,10 @@ - (id) initFromUDSource: (NSDictionary *) udSource
           [self setGlobalAddressBookFirstEntriesCount: [[udSource objectForKey: @"globalAddressBookFirstEntriesCount"] intValue]];
       }
 
+      disableSubgroupsValue = [udSource objectForKey: @"disableSubgroups"];
+      if (disableSubgroupsValue)
+        _disableSubgroups = [disableSubgroupsValue boolValue];
+
       [self setContactMapping: [udSource objectForKey: @"mapping"]
              andObjectClasses: [udSource objectForKey: @"objectClasses"]];
 
@@ -2355,16 +2361,21 @@ - (NSArray *) membersForGroupWithUID: (NSString *) uid
               user = [SOGoUser userWithLogin: login  roles: nil];
               if (user)
                 {
-                  contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
-                  if ([contactInfos objectForKey: @"isGroup"])
+                  if (!_disableSubgroups) {
+                    contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
+                    if ([contactInfos objectForKey: @"isGroup"])
                     {
                       subusers = [self membersForGroupWithUID: login];
                       [members addObjectsFromArray: subusers];
                     }
-                  else
+                    else
                     {
                       [members addObject: user];
                     }
+                  } else {
+                    [members addObject: user];
+                  }
+
                 }
               [pool release];
             }
@@ -2377,16 +2388,20 @@ - (NSArray *) membersForGroupWithUID: (NSString *) uid
               user = [SOGoUser userWithLogin: login  roles: nil];
               if (user)
                 {
-                  contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
-                  if ([contactInfos objectForKey: @"isGroup"])
+                  if (!_disableSubgroups) {
+                    contactInfos = [self lookupContactEntryWithUIDorEmail: login inDomain: nil];
+                    if ([contactInfos objectForKey: @"isGroup"])
                     {
                       subusers = [self membersForGroupWithUID: login];
                       [members addObjectsFromArray: subusers];
                     }
-                  else
+                    else
                     {
                       [members addObject: user];
                     }
+                  } else {
+                    [members addObject: user];
+                  }
                 }
               [pool release];
             }