Merge pull request #14401 from owncloud/ux-s2s-ldap

allow login names to be used for s2s with LDAP users
This commit is contained in:
Thomas Müller 2015-08-19 08:31:27 +02:00
commit d9172a1907
5 changed files with 106 additions and 13 deletions


@ -51,6 +51,14 @@ class Server2Server {
return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.'); return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.');
} }
\OCP\Util::writeLog('files_sharing', 'shareWith before, ' . $shareWith, \OCP\Util::DEBUG);
\OCP\Util::emitHook(
'\OCA\Files_Sharing\API\Server2Server',
'preLoginNameUsedAsUserName',
array('uid' => &$shareWith)
);
\OCP\Util::writeLog('files_sharing', 'shareWith after, ' . $shareWith, \OCP\Util::DEBUG);
if (!\OCP\User::userExists($shareWith)) { if (!\OCP\User::userExists($shareWith)) {
return new \OC_OCS_Result(null, 400, 'User does not exists'); return new \OC_OCS_Result(null, 400, 'User does not exists');
} }
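Review bot: The `&$shareWith` reference handed to `\OCP\Util::emitHook` is the only signal that listeners are expected to rewrite the value, and the two DEBUG lines around it ("shareWith before"/"shareWith after") read like leftover instrumentation that writes a value presumably taken from the incoming request into the log twice. A comment above the hook would carry the contract, e.g. `// listeners (e.g. user_ldap) may replace a login name in $shareWith with the matching user id, hence the reference`, and the before/after log lines could be collapsed into one message or dropped once the hook is trusted. The enclosing method starts and ends outside the hunk.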


@ -62,6 +62,13 @@ if(count($configPrefixes) > 0) {
OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs'); OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp'); OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
\OCP\Util::connectHook(
'\OCA\Files_Sharing\API\Server2Server',
'preLoginNameUsedAsUserName',
'\OCA\user_ldap\lib\Helper',
'loginName2UserName'
);
if(OCP\App::isEnabled('user_webdavauth')) { if(OCP\App::isEnabled('user_webdavauth')) {
OCP\Util::writeLog('user_ldap', OCP\Util::writeLog('user_ldap',
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
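Review bot: The emitter class and signal names in the `connectHook` call are bare string literals that must match the `emitHook` call in `\OCA\Files_Sharing\API\Server2Server` exactly, and a mismatch is silent (the listener is simply never invoked) rather than an error. A one-line comment naming the counterpart, `// counterpart of the 'preLoginNameUsedAsUserName' hook emitted in \OCA\Files_Sharing\API\Server2Server`, would help the next maintainer keep both sides in step. The surrounding `if(count($configPrefixes) > 0)` block starts outside the hunk.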


@ -27,6 +27,9 @@
namespace OCA\user_ldap\lib; namespace OCA\user_ldap\lib;
use OCA\user_ldap\lib\LDAP;
use OCA\user_ldap\User_Proxy;
class Helper { class Helper {
/** /**
@ -181,4 +184,32 @@ class Helper {
return $domain; return $domain;
} }
/**
* listens to a hook thrown by server2server sharing and replaces the given
* login name by a username, if it matches an LDAP user.
*
* @param array $param
* @throws \Exception
*/
public static function loginName2UserName($param) {
if(!isset($param['uid'])) {
throw new \Exception('key uid is expected to be set in $param');
}
//ain't it ironic?
$helper = new Helper();
$configPrefixes = $helper->getServerConfigurationPrefixes(true);
$ldapWrapper = new LDAP();
$ocConfig = \OC::$server->getConfig();
$userBackend = new User_Proxy(
$configPrefixes, $ldapWrapper, $ocConfig
);
$uid = $userBackend->loginName2UserName($param['uid'] );
if($uid !== false) {
$param['uid'] = $uid;
}
}
} }
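Review bot: `loginName2UserName` takes `$param` by value, so the assignment `$param['uid'] = $uid;` only reaches the caller because the emitter builds the array as `array('uid' => &$shareWith)` and PHP keeps that reference slot alive across the copy; this is easy to break on either side and deserves a comment such as `// $param['uid'] is a reference slot set up by the emitter; writing to it updates the caller's variable`. The method also constructs a fresh `User_Proxy` over all configured prefixes on every hook call, which presumably duplicates the backend bootstrap done elsewhere — acceptable for the rare s2s path, but worth stating in the docblock. Since `$param['uid']` originates from a remote server's request and ends up in `fetchUsersByLoginName` via `User_Proxy`, it is worth confirming that the value is escaped into the LDAP filter there; the hunk does not show that. The `//ain't it ironic?` comment should say what it refers to or be removed.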


@ -70,6 +70,43 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
return false; return false;
} }
/**
* returns the username for the given login name, if available
*
* @param string $loginName
* @return string|false
*/
public function loginName2UserName($loginName) {
try {
$ldapRecord = $this->getLDAPUserByLoginName($loginName);
$user = $this->access->userManager->get($ldapRecord['dn']);
if($user instanceof OfflineUser) {
return false;
}
return $user->getUsername();
} catch (\Exception $e) {
return false;
}
}
/**
* returns an LDAP record based on a given login name
*
* @param string $loginName
* @return array
* @throws \Exception
*/
public function getLDAPUserByLoginName($loginName) {
//find out dn of the user name
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
'uid', 'samaccountname');
$users = $this->access->fetchUsersByLoginName($loginName, $attrs);
if(count($users) < 1) {
throw new \Exception('No user available for the given login name.');
}
return $users[0];
}
/** /**
* Check if the password is correct * Check if the password is correct
* @param string $uid The username * @param string $uid The username
@ -79,15 +116,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
* Check if the password is correct without logging in the user * Check if the password is correct without logging in the user
*/ */
public function checkPassword($uid, $password) { public function checkPassword($uid, $password) {
//find out dn of the user name try {
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn', $ldapRecord = $this->getLDAPUserByLoginName($uid);
'uid', 'samaccountname'); } catch(\Exception $e) {
$users = $this->access->fetchUsersByLoginName($uid, $attrs);
if(count($users) < 1) {
return false; return false;
} }
$dn = $users[0]['dn']; $dn = $ldapRecord['dn'];
$user = $this->access->userManager->get($dn); $user = $this->access->userManager->get($dn);
if(!$user instanceof User) { if(!$user instanceof User) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'LDAP Login: Could not get user object for DN ' . $dn . 'LDAP Login: Could not get user object for DN ' . $dn .
@ -102,14 +138,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
} }
$user->markLogin(); $user->markLogin();
if(isset($users[0][$this->access->connection->ldapUserDisplayName])) { if(isset($ldapRecord[$this->access->connection->ldapUserDisplayName])) {
$dpn = $users[0][$this->access->connection->ldapUserDisplayName]; $dpn = $ldapRecord[$this->access->connection->ldapUserDisplayName];
$user->storeDisplayName($dpn); $user->storeDisplayName($dpn);
} }
if(isset($users[0]['uid'])) { if(isset($ldapRecord['uid'])) {
$user->storeLDAPUserName($users[0]['uid']); $user->storeLDAPUserName($ldapRecord['uid']);
} else if(isset($users[0]['samaccountname'])) { } else if(isset($ldapRecord['samaccountname'])) {
$user->storeLDAPUserName($users[0]['samaccountname']); $user->storeLDAPUserName($ldapRecord['samaccountname']);
} }
return $user->getUsername(); return $user->getUsername();
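Review bot: In the new `loginName2UserName`, `$user` is only checked against `OfflineUser` before `$user->getUsername()` is called, whereas `checkPassword` guards the same `userManager->get($dn)` result with `if(!$user instanceof User)`; if `get()` can return null or another type, the call on null is a fatal error rather than an exception, so the surrounding `catch (\Exception $e)` will not turn it into `false`. Mirroring the existing guard, `if(!$user instanceof User || $user instanceof OfflineUser) { return false; }`, keeps the two paths consistent. Separately, `checkPassword` now wraps `getLDAPUserByLoginName` in `catch(\Exception $e)`, so as far as the removed lines show an LDAP connection or search failure from `fetchUsersByLoginName` that previously propagated is now reported as a failed login; that still fails closed, but it hides outages behind "wrong password", so consider having `getLDAPUserByLoginName` throw a dedicated not-found exception and catching only that.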


@ -161,7 +161,7 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
/** /**
* check if a user exists on LDAP * check if a user exists on LDAP
* @param string|OCA\User_LDAP\lib\User\User $user either the ownCloud user * @param string|\OCA\User_LDAP\lib\User\User $user either the ownCloud user
* name or an instance of that user * name or an instance of that user
* @return boolean * @return boolean
*/ */
@ -182,6 +182,17 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
return $this->handleRequest($uid, 'checkPassword', array($uid, $password)); return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
} }
/**
* returns the username for the given login name, if available
*
* @param string $loginName
* @return string|false
*/
public function loginName2UserName($loginName) {
$id = 'LOGINNAME,' . $loginName;
return $this->handleRequest($id, 'loginName2UserName', array($loginName));
}
/** /**
* get the user's home directory * get the user's home directory
* @param string $uid the username * @param string $uid the username