Merge pull request #14401 from owncloud/ux-s2s-ldap
allow login names to be used for s2s with LDAP users
d9172a1907
@ -51,6 +51,14 @@ class Server2Server {
|
||||||
return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.');
|
return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
\OCP\Util::writeLog('files_sharing', 'shareWith before, ' . $shareWith, \OCP\Util::DEBUG);
|
||||||
|
\OCP\Util::emitHook(
|
||||||
|
'\OCA\Files_Sharing\API\Server2Server',
|
||||||
|
'preLoginNameUsedAsUserName',
|
||||||
|
array('uid' => &$shareWith)
|
||||||
|
);
|
||||||
|
\OCP\Util::writeLog('files_sharing', 'shareWith after, ' . $shareWith, \OCP\Util::DEBUG);
|
||||||
|
|
||||||
if (!\OCP\User::userExists($shareWith)) {
|
if (!\OCP\User::userExists($shareWith)) {
|
||||||
return new \OC_OCS_Result(null, 400, 'User does not exists');
|
return new \OC_OCS_Result(null, 400, 'User does not exists');
|
||||||
}
|
}
|
||||||
|
|
|
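Review bot: The two DEBUG writeLog calls bracketing the emitHook read as development tracing left in the share-creation path; they log the same value twice on every incoming request and add nothing once the hook is known to work. Drop them or keep a single line after the hook, e.g. `\OCP\Util::writeLog('files_sharing', 'login name resolved to ' . $shareWith, \OCP\Util::DEBUG);`. The hook name 'preLoginNameUsedAsUserName' and the emitter class string are repeated verbatim in user_ldap's appinfo/app.php in this same commit; a class constant on Server2Server would keep emitter and listener in sync. Because the array element is passed by reference, any connected listener can rewrite $shareWith, so the userExists check that follows is the only validation of the substituted value — worth a one-line comment such as `// listeners may replace the login name with the internal user name in place`. The enclosing method starts and ends outside the hunk.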
@ -62,6 +62,13 @@ if(count($configPrefixes) > 0) {
|
||||||
OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
|
OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
|
||||||
OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
|
OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
|
||||||
|
|
||||||
|
\OCP\Util::connectHook(
|
||||||
|
'\OCA\Files_Sharing\API\Server2Server',
|
||||||
|
'preLoginNameUsedAsUserName',
|
||||||
|
'\OCA\user_ldap\lib\Helper',
|
||||||
|
'loginName2UserName'
|
||||||
|
);
|
||||||
|
|
||||||
if(OCP\App::isEnabled('user_webdavauth')) {
|
if(OCP\App::isEnabled('user_webdavauth')) {
|
||||||
OCP\Util::writeLog('user_ldap',
|
OCP\Util::writeLog('user_ldap',
|
||||||
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
|
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
|
||||||
|
|
|
@ -27,6 +27,9 @@
|
||||||
|
|
||||||
namespace OCA\user_ldap\lib;
|
namespace OCA\user_ldap\lib;
|
||||||
|
|
||||||
|
use OCA\user_ldap\lib\LDAP;
|
||||||
|
use OCA\user_ldap\User_Proxy;
|
||||||
|
|
||||||
class Helper {
|
class Helper {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -181,4 +184,32 @@ class Helper {
|
||||||
|
|
||||||
return $domain;
|
return $domain;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* listens to a hook thrown by server2server sharing and replaces the given
|
||||||
|
* login name by a username, if it matches an LDAP user.
|
||||||
|
*
|
||||||
|
* @param array $param
|
||||||
|
* @throws \Exception
|
||||||
|
*/
|
||||||
|
public static function loginName2UserName($param) {
|
||||||
|
if(!isset($param['uid'])) {
|
||||||
|
throw new \Exception('key uid is expected to be set in $param');
|
||||||
|
}
|
||||||
|
|
||||||
|
//ain't it ironic?
|
||||||
|
$helper = new Helper();
|
||||||
|
|
||||||
|
$configPrefixes = $helper->getServerConfigurationPrefixes(true);
|
||||||
|
$ldapWrapper = new LDAP();
|
||||||
|
$ocConfig = \OC::$server->getConfig();
|
||||||
|
|
||||||
|
$userBackend = new User_Proxy(
|
||||||
|
$configPrefixes, $ldapWrapper, $ocConfig
|
||||||
|
);
|
||||||
|
$uid = $userBackend->loginName2UserName($param['uid'] );
|
||||||
|
if($uid !== false) {
|
||||||
|
$param['uid'] = $uid;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
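Review bot: The comment `//ain't it ironic?` above `new Helper()` explains nothing to the next reader; replace it with the reason, e.g. `// getServerConfigurationPrefixes() is an instance method, so a Helper is needed even from this static hook handler`. The write `$param['uid'] = $uid;` only reaches the caller because the emitter put a reference into the array, which is easy to break on either side; a comment such as `// 'uid' is a reference supplied by the emitter; assigning here updates the caller's variable` documents the contract, and the docblock's `@param array $param` should state that key 'uid' is expected and is replaced in place. Building a fresh LDAP wrapper and User_Proxy on every hook call is also worth a comment if it is intentional. The new method is fully visible in the second hunk; the first hunk only adds use statements.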
@ -70,6 +70,43 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* returns the username for the given login name, if available
|
||||||
|
*
|
||||||
|
* @param string $loginName
|
||||||
|
* @return string|false
|
||||||
|
*/
|
||||||
|
public function loginName2UserName($loginName) {
|
||||||
|
try {
|
||||||
|
$ldapRecord = $this->getLDAPUserByLoginName($loginName);
|
||||||
|
$user = $this->access->userManager->get($ldapRecord['dn']);
|
||||||
|
if($user instanceof OfflineUser) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return $user->getUsername();
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* returns an LDAP record based on a given login name
|
||||||
|
*
|
||||||
|
* @param string $loginName
|
||||||
|
* @return array
|
||||||
|
* @throws \Exception
|
||||||
|
*/
|
||||||
|
public function getLDAPUserByLoginName($loginName) {
|
||||||
|
//find out dn of the user name
|
||||||
|
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
|
||||||
|
'uid', 'samaccountname');
|
||||||
|
$users = $this->access->fetchUsersByLoginName($loginName, $attrs);
|
||||||
|
if(count($users) < 1) {
|
||||||
|
throw new \Exception('No user available for the given login name.');
|
||||||
|
}
|
||||||
|
return $users[0];
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if the password is correct
|
* Check if the password is correct
|
||||||
* @param string $uid The username
|
* @param string $uid The username
|
||||||
|
@ -79,15 +116,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
||||||
* Check if the password is correct without logging in the user
|
* Check if the password is correct without logging in the user
|
||||||
*/
|
*/
|
||||||
public function checkPassword($uid, $password) {
|
public function checkPassword($uid, $password) {
|
||||||
//find out dn of the user name
|
try {
|
||||||
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
|
$ldapRecord = $this->getLDAPUserByLoginName($uid);
|
||||||
'uid', 'samaccountname');
|
} catch(\Exception $e) {
|
||||||
$users = $this->access->fetchUsersByLoginName($uid, $attrs);
|
|
||||||
if(count($users) < 1) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$dn = $users[0]['dn'];
|
$dn = $ldapRecord['dn'];
|
||||||
$user = $this->access->userManager->get($dn);
|
$user = $this->access->userManager->get($dn);
|
||||||
|
|
||||||
if(!$user instanceof User) {
|
if(!$user instanceof User) {
|
||||||
\OCP\Util::writeLog('user_ldap',
|
\OCP\Util::writeLog('user_ldap',
|
||||||
'LDAP Login: Could not get user object for DN ' . $dn .
|
'LDAP Login: Could not get user object for DN ' . $dn .
|
||||||
|
@ -102,14 +138,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
||||||
}
|
}
|
||||||
|
|
||||||
$user->markLogin();
|
$user->markLogin();
|
||||||
if(isset($users[0][$this->access->connection->ldapUserDisplayName])) {
|
if(isset($ldapRecord[$this->access->connection->ldapUserDisplayName])) {
|
||||||
$dpn = $users[0][$this->access->connection->ldapUserDisplayName];
|
$dpn = $ldapRecord[$this->access->connection->ldapUserDisplayName];
|
||||||
$user->storeDisplayName($dpn);
|
$user->storeDisplayName($dpn);
|
||||||
}
|
}
|
||||||
if(isset($users[0]['uid'])) {
|
if(isset($ldapRecord['uid'])) {
|
||||||
$user->storeLDAPUserName($users[0]['uid']);
|
$user->storeLDAPUserName($ldapRecord['uid']);
|
||||||
} else if(isset($users[0]['samaccountname'])) {
|
} else if(isset($ldapRecord['samaccountname'])) {
|
||||||
$user->storeLDAPUserName($users[0]['samaccountname']);
|
$user->storeLDAPUserName($ldapRecord['samaccountname']);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $user->getUsername();
|
return $user->getUsername();
|
||||||
|
|
|
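Review bot: In the new loginName2UserName, the result of `$this->access->userManager->get($ldapRecord['dn'])` is only checked against OfflineUser before `$user->getUsername()` is called, whereas checkPassword in the second hunk guards the same lookup with `if(!$user instanceof User)` and logs; a null or unexpected return here would end in a fatal error rather than the documented false. Add the same guard ahead of the OfflineUser check: `if(!$user instanceof User) { return false; }`. getLDAPUserByLoginName also returns `$users[0]` whenever at least one record matches, so an ambiguous login name resolves silently to whichever record the directory listed first; for a method that now decides share targets as well as password checks, rejecting `count($users) !== 1` (or at least logging the ambiguity) would be safer, although this is inherited from the old checkPassword rather than introduced here. The `catch (\Exception $e)` in both new and refactored code turns any failure from the access layer into a plain false; if fetchUsersByLoginName can throw on a connection error, that error becomes indistinguishable from a wrong password, which argues for a dedicated exception type thrown by getLDAPUserByLoginName and caught narrowly.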
@ -161,7 +161,7 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* check if a user exists on LDAP
|
* check if a user exists on LDAP
|
||||||
* @param string|OCA\User_LDAP\lib\User\User $user either the ownCloud user
|
* @param string|\OCA\User_LDAP\lib\User\User $user either the ownCloud user
|
||||||
* name or an instance of that user
|
* name or an instance of that user
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
|
@ -182,6 +182,17 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
|
||||||
return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
|
return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* returns the username for the given login name, if available
|
||||||
|
*
|
||||||
|
* @param string $loginName
|
||||||
|
* @return string|false
|
||||||
|
*/
|
||||||
|
public function loginName2UserName($loginName) {
|
||||||
|
$id = 'LOGINNAME,' . $loginName;
|
||||||
|
return $this->handleRequest($id, 'loginName2UserName', array($loginName));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* get the user's home directory
|
* get the user's home directory
|
||||||
* @param string $uid the username
|
* @param string $uid the username
|
||||||
|
|
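Review bot: `$id = 'LOGINNAME,' . $loginName;` builds a handleRequest key with a prefix that nothing on this page explains; since handleRequest is defined outside the hunk, the intent deserves a comment such as `// prefixed so the key cannot collide with a plain user id — confirm against handleRequest`. The docblock could also say how the lookup is dispatched across configured backends, if that is what handleRequest does, rather than only restating the types. The first hunk is a leading-backslash fix in a docblock and needs nothing further.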