From c5017bbd42393d5910f5068b42009532495ec42a Mon Sep 17 00:00:00 2001
From: Valentin Tolmer <valentin@tolmer.fr>
Date: Fri, 1 Jul 2022 12:26:36 +0200
Subject: [PATCH] ldap: remove copies from the wildcard expansion

---
 server/src/infra/ldap_handler.rs | 33 ++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/server/src/infra/ldap_handler.rs b/server/src/infra/ldap_handler.rs
index 7464745..c316378 100644
--- a/server/src/infra/ldap_handler.rs
+++ b/server/src/infra/ldap_handler.rs
@@ -205,21 +205,27 @@ fn get_user_attribute(
 }
 
 #[instrument(skip_all, level = "debug")]
-fn expand_attribute_wildcards(
-    ldap_attributes: &[String],
-    all_attribute_keys: &[&str],
-) -> Vec<String> {
-    let mut attributes_out = ldap_attributes.to_owned();
+fn expand_attribute_wildcards<'a>(
+    ldap_attributes: &'a [String],
+    all_attribute_keys: &'a [&'static str],
+) -> Vec<&'a str> {
+    let mut attributes_out = ldap_attributes
+        .iter()
+        .map(String::as_str)
+        .collect::<Vec<_>>();
 
-    if attributes_out.iter().any(|x| x == "*") || attributes_out.is_empty() {
+    if attributes_out.iter().any(|&x| x == "*") || attributes_out.is_empty() {
         // Remove occurrences of '*'
-        attributes_out.retain(|x| x != "*");
+        attributes_out.retain(|&x| x != "*");
         // Splice in all non-operational attributes
-        attributes_out.extend(all_attribute_keys.iter().map(|s| s.to_string()));
+        attributes_out.extend(all_attribute_keys.iter());
     }
 
     // Deduplicate, preserving order
-    let resolved_attributes = attributes_out.into_iter().unique().collect_vec();
+    let resolved_attributes = attributes_out
+        .into_iter()
+        .unique_by(|a| a.to_ascii_lowercase())
+        .collect_vec();
     debug!(?ldap_attributes, ?resolved_attributes);
     resolved_attributes
 }
@@ -238,7 +244,7 @@ const ALL_USER_ATTRIBUTE_KEYS: &[&str] = &[
 fn make_ldap_search_user_result_entry(
     user: User,
     base_dn_str: &str,
-    attributes: &[String],
+    attributes: &[&str],
     groups: Option<&[GroupDetails]>,
     ignored_user_attributes: &[String],
 ) -> Result<LdapSearchResultEntry> {
@@ -2174,8 +2180,11 @@ mod tests {
             expected_result
         );
 
-        let request2 =
-            make_search_request("dc=example,dc=com", LdapFilter::And(vec![]), vec!["*", "*"]);
+        let request2 = make_search_request(
+            "dc=example,dc=com",
+            LdapFilter::And(vec![]),
+            vec!["objectclass", "obJEctclaSS", "dn", "*", "*"],
+        );
 
         assert_eq!(
             ldap_handler.do_search_or_dse(&request2).await,