From 66bc8145a99e5de7719eec3d2b19741b7424b23e Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Fri, 20 Feb 2015 13:09:33 +0100
Subject: [PATCH] allow login names to be used for s2s with LDAP users
---
 apps/files_sharing/api/server2server.php | 8 ++++
 apps/user_ldap/appinfo/app.php | 7 +++
 apps/user_ldap/lib/helper.php | 31 +++++++++++++
 apps/user_ldap/user_ldap.php | 56 +++++++++++++++++++-----
 apps/user_ldap/user_proxy.php | 13 +++++-
 5 files changed, 103 insertions(+), 12 deletions(-)
diff --git a/apps/files_sharing/api/server2server.php b/apps/files_sharing/api/server2server.php
index 3ecdf65dc7..b578ba663d 100644
--- a/apps/files_sharing/api/server2server.php
+++ b/apps/files_sharing/api/server2server.php
@@ -49,6 +49,14 @@ class Server2Server {
 return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.');
 }
 
+ \OCP\Util::writeLog('files_sharing', 'shareWith before, ' . $shareWith, \OCP\Util::DEBUG);
+ \OCP\Util::emitHook(
+ '\OCA\Files_Sharing\API\Server2Server',
+ 'preLoginNameUsedAsUserName',
+ array('uid' => &$shareWith)
+ );
+ \OCP\Util::writeLog('files_sharing', 'shareWith after, ' . $shareWith, \OCP\Util::DEBUG);
+
 if (!\OCP\User::userExists($shareWith)) {
 return new \OC_OCS_Result(null, 400, 'User does not exists');
 }
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index 5457e6b654..68fd1b698e 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
@@ -62,6 +62,13 @@ if(count($configPrefixes) > 0) {
 OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
 OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
 
+\OCP\Util::connectHook(
+ '\OCA\Files_Sharing\API\Server2Server',
+ 'preLoginNameUsedAsUserName',
+ '\OCA\user_ldap\lib\Helper',
+ 'loginName2UserName'
+);
+
 if(OCP\App::isEnabled('user_webdavauth')) {
 OCP\Util::writeLog('user_ldap', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', 
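Review bot: `array('uid' => &$shareWith)` hands the recipient of an incoming federated share to every listener of `preLoginNameUsedAsUserName` by reference, and the `userExists` check that follows runs on whatever a listener wrote back, yet nothing at the emit site says so; add `// listeners may replace $shareWith in place (e.g. map a login name to the internal user name); userExists() below checks the replaced value` above the `emitHook` call. The two DEBUG `writeLog` calls that bracket the hook write the raw remote-supplied value to the log twice on every request and read as leftover tracing; keep at most one, emitted only when the value actually changed. The enclosing method starts and ends outside this hunk.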
diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php
index 40874b2ef9..57b75823a1 100644
--- a/apps/user_ldap/lib/helper.php
+++ b/apps/user_ldap/lib/helper.php
@@ -27,6 +27,9 @@
 
 namespace OCA\user_ldap\lib;
 
+use OCA\user_ldap\lib\LDAP;
+use OCA\user_ldap\User_Proxy;
+
 class Helper {
 
 /**
@@ -181,4 +184,32 @@ class Helper {
 return $domain;
 }
 
+
+ /**
+ * listens to a hook thrown by server2server sharing and replaces the given
+ * login name by a username, if it matches an LDAP user.
+ *
+ * @param array $param
+ * @throws \Exception
+ */
+ public static function loginName2UserName($param) {
+ if(!isset($param['uid'])) {
+ throw new \Exception('key uid is expected to be set in $param');
+ }
+
+ //ain't it ironic?
+ $helper = new Helper();
+
+ $configPrefixes = $helper->getServerConfigurationPrefixes(true);
+ $ldapWrapper = new LDAP();
+ $ocConfig = \OC::$server->getConfig();
+
+ $userBackend = new User_Proxy(
+ $configPrefixes, $ldapWrapper, $ocConfig
+ );
+ $uid = $userBackend->loginName2UserName($param['uid'] );
+ if($uid !== false) {
+ $param['uid'] = $uid;
+ }
+ }
 }
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index cd8a2dd251..045b3d46e0 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
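Review bot: `loginName2UserName($param)` receives `$param` by value, so `$param['uid'] = $uid;` only reaches the caller because server2server.php builds the payload as `array('uid' => &$shareWith)` and the reference element survives the array copy; that coupling is invisible here and belongs in the docblock, e.g. `@param array $param hook payload; 'uid' must be a reference, it is overwritten in place with the resolved user name`. The `//ain't it ironic?` comment should instead say why a fresh `Helper` is constructed (`getServerConfigurationPrefixes(true)` is called on an instance from this static handler). The `\Exception` thrown for a missing `uid` key presumably propagates out of `emitHook` into the sharing request; if that is intended, say so in the `@throws` line. The first hunk of this file (the two `use` lines) needs nothing.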
@@ -70,6 +70,41 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 return false;
 }
 
+ /**
+ * returns the username for the given login name, if available
+ *
+ * @param string $loginName
+ * @return string|false
+ */
+ public function loginName2UserName($loginName) {
+ try {
+ $ldapRecord = $this->getLDAPUserByLoginName($loginName);
+ $user = $this->access->userManager->get($ldapRecord['dn']);
+ return $user->getUsername();
+ } catch (\Exception $e) {
+ return false;
+ }
+ }
+
+ /**
+ * returns an LDAP record based on a given login name
+ *
+ * @param $loginName
+ * @return array
+ * @throws \Exception
+ */
+ public function getLDAPUserByLoginName($loginName) {
+ $uid = $this->access->escapeFilterPart($loginName);
+ //find out dn of the user name
+ $attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
+ 'uid', 'samaccountname');
+ $users = $this->access->fetchUsersByLoginName($uid, $attrs);
+ if(count($users) < 1) {
+ throw new \Exception('No user available for the given login name.');
+ }
+ return $users[0];
+ }
+
 /**
 * Check if the password is correct
 * @param string $uid The username
@@ -79,15 +114,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 * Check if the password is correct without logging in the user
 */
 public function checkPassword($uid, $password) {
- //find out dn of the user name
- $attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
- 'uid', 'samaccountname');
- $users = $this->access->fetchUsersByLoginName($uid, $attrs);
- if(count($users) < 1) {
+ try {
+ $ldapRecord = $this->getLDAPUserByLoginName($uid);
+ } catch(\Exception $e) {
 return false;
 }
- $dn = $users[0]['dn'];
+ $dn = $ldapRecord['dn'];
 $user = $this->access->userManager->get($dn);
+
 if(!$user instanceof User) {
 \OCP\Util::writeLog('user_ldap', 'LDAP Login: Could not get user object for DN ' . $dn . 
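Review bot: In the new `loginName2UserName`, `$this->access->userManager->get($ldapRecord['dn'])` is used without the `instanceof User` guard that `checkPassword` applies to the same call further down in this diff; if `get()` yields no user object, calling `->getUsername()` on it is not an `\Exception` and escapes the catch. Add before the return: `if(!$user instanceof User) {` / `    return false;` / `}`. The blanket `catch (\Exception $e)` also turns LDAP connection or search failures into `false`, which the federated-share caller then reports as a non-existent user; logging the exception there would keep a directory outage distinguishable from an unknown login name. `getLDAPUserByLoginName` should type its parameter, `@param string $loginName`; the escaping via `escapeFilterPart` before the search is the right call and worth keeping as the only path that builds the filter.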
@@ -102,14 +136,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
 }
 $user->markLogin();
 
- if(isset($users[0][$this->access->connection->ldapUserDisplayName])) {
- $dpn = $users[0][$this->access->connection->ldapUserDisplayName];
+ if(isset($ldapRecord[$this->access->connection->ldapUserDisplayName])) {
+ $dpn = $ldapRecord[$this->access->connection->ldapUserDisplayName];
 $user->storeDisplayName($dpn);
 }
 if(isset($users[0]['uid'])) {
- $user->storeLDAPUserName($users[0]['uid']);
- } else if(isset($users[0]['samaccountname'])) {
+ $user->storeLDAPUserName($ldapRecord['uid']);
+ } else if(isset($ldapRecord['samaccountname'])) {
+ $user->storeLDAPUserName($ldapRecord['samaccountname']);
 }
 
 return $user->getUsername();
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
index 53d453e54f..995bb46dcc 100644
--- a/apps/user_ldap/user_proxy.php
+++ b/apps/user_ldap/user_proxy.php
@@ -159,7 +159,7 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
 
 /**
 * check if a user exists on LDAP
- * @param string|OCA\User_LDAP\lib\User\User $user either the ownCloud user
+ * @param string|\OCA\User_LDAP\lib\User\User $user either the ownCloud user
 * name or an instance of that user
 * @return boolean
 */
@@ -180,6 +180,17 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
 return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
 }
 
+ /**
+ * returns the username for the given login name, if available
+ *
+ * @param string $loginName
+ * @return string|false
+ */
+ public function loginName2UserName($loginName) {
+ $id = 'LOGINNAME,' . $loginName;
+ return $this->handleRequest($id, 'loginName2UserName', array($loginName));
+ }
+
 /**
 * get the user's home directory
 * @param string $uid the username
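Review bot: The context line `if(isset($users[0]['uid'])) {` still reads `$users`, which this commit removes from `checkPassword` (the earlier hunk replaces it with `$ldapRecord`); `isset()` on an undefined variable is silently false, so the `uid` branch is now dead and the LDAP user name is only stored from `samaccountname`, i.e. never for directories keyed on `uid`. Change it to `if(isset($ldapRecord['uid'])) {`. Judging by the hunk's line counts, this copy of the patch also seems to lack the removed `$users[0]['samaccountname']` line between the two `else if` lines. `checkPassword` begins outside this hunk.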
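Review bot: `$id = 'LOGINNAME,' . $loginName;` in the new `User_Proxy::loginName2UserName` builds the `handleRequest` key from something that is not a user id, unlike every other call in this file that passes the uid itself, and nothing explains the prefix; add a comment such as `// prefixed so login-name lookups do not share a key with plain uids in the last-seen-backend cache -- TODO confirm against lib\Proxy::handleRequest`. The docblock promises `@return string|false`, but what `handleRequest` returns when no backend resolves the name is decided in `lib\Proxy`, outside this diff, so that contract should be verified or stated there.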