Use proper PHPDoc and variable names in the LDAP lib

My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
Lukas Reschke 2014-05-11 15:17:27 +02:00
parent b6d76e9985
commit fc8be5abc3
12 changed files with 683 additions and 378 deletions


@ -23,6 +23,10 @@
namespace OCA\user_ldap\lib; namespace OCA\user_ldap\lib;
/**
* Class Access
* @package OCA\user_ldap\lib
*/
class Access extends LDAPUtility { class Access extends LDAPUtility {
public $connection; public $connection;
//never ever check this var directly, always use getPagedSearchResultState //never ever check this var directly, always use getPagedSearchResultState
@ -30,24 +34,30 @@ class Access extends LDAPUtility {
protected $cookies = array(); protected $cookies = array();
/**
* @param Connection $connection
* @param ILDAPWrapper $ldap
*/
public function __construct(Connection $connection, ILDAPWrapper $ldap) { public function __construct(Connection $connection, ILDAPWrapper $ldap) {
parent::__construct($ldap); parent::__construct($ldap);
$this->connection = $connection; $this->connection = $connection;
} }
/**
* @return bool
*/
private function checkConnection() { private function checkConnection() {
return ($this->connection instanceof Connection); return ($this->connection instanceof Connection);
} }
/** /**
* @brief reads a given attribute for an LDAP record identified by a DN * @brief reads a given attribute for an LDAP record identified by a DN
* @param $dn the record in question * @param string $dn the record in question
* @param $attr the attribute that shall be retrieved * @param string $attr the attribute that shall be retrieved
* if empty, just check the record's existence * if empty, just check the record's existence
* @returns an array of values on success or an empty * @param string $filter
* @return array|false an array of values on success or an empty
* array if $attr is empty, false otherwise * array if $attr is empty, false otherwise
*
* Reads an attribute from an LDAP entry or check if entry exists
*/ */
public function readAttribute($dn, $attr, $filter = 'objectClass=*') { public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
if(!$this->checkConnection()) { if(!$this->checkConnection()) {
@ -105,7 +115,7 @@ class Access extends LDAPUtility {
} }
/** /**
* @brief checks wether the given attribute`s valua is probably a DN * @brief checks whether the given attributes value is probably a DN
* @param string $attr the attribute in question * @param string $attr the attribute in question
* @return boolean if so true, otherwise false * @return boolean if so true, otherwise false
*/ */
@ -120,8 +130,8 @@ class Access extends LDAPUtility {
/** /**
* @brief sanitizes a DN received from the LDAP server * @brief sanitizes a DN received from the LDAP server
* @param $dn the DN in question * @param array $dn the DN in question
* @return the sanitized DN * @return array the sanitized DN
*/ */
private function sanitizeDN($dn) { private function sanitizeDN($dn) {
//treating multiple base DNs //treating multiple base DNs
@ -163,7 +173,8 @@ class Access extends LDAPUtility {
/** /**
* gives back the database table for the query * gives back the database table for the query
* @param boolean $isUser * @param bool $isUser
* @return string
*/ */
private function getMapTable($isUser) { private function getMapTable($isUser) {
if($isUser) { if($isUser) {
@ -176,9 +187,7 @@ class Access extends LDAPUtility {
/** /**
* @brief returns the LDAP DN for the given internal ownCloud name of the group * @brief returns the LDAP DN for the given internal ownCloud name of the group
* @param string $name the ownCloud name in question * @param string $name the ownCloud name in question
* @returns string with the LDAP DN on success, otherwise false * @return string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the group
*/ */
public function groupname2dn($name) { public function groupname2dn($name) {
$dn = $this->ocname2dn($name, false); $dn = $this->ocname2dn($name, false);
@ -192,10 +201,8 @@ class Access extends LDAPUtility {
/** /**
* @brief returns the LDAP DN for the given internal ownCloud name of the user * @brief returns the LDAP DN for the given internal ownCloud name of the user
* @param $name the ownCloud name in question * @param string $name the ownCloud name in question
* @returns string with the LDAP DN on success, otherwise false * @return string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the user
*/ */
public function username2dn($name) { public function username2dn($name) {
$dn = $this->ocname2dn($name, true); $dn = $this->ocname2dn($name, true);
@ -210,11 +217,9 @@ class Access extends LDAPUtility {
/** /**
* @brief returns the LDAP DN for the given internal ownCloud name * @brief returns the LDAP DN for the given internal ownCloud name
* @param $name the ownCloud name in question * @param string $name the ownCloud name in question
* @param boolean $isUser is it a user? otherwise group * @param boolean $isUser is it a user? otherwise group
* @returns string with the LDAP DN on success, otherwise false * @return string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name
*/ */
private function ocname2dn($name, $isUser) { private function ocname2dn($name, $isUser) {
$table = $this->getMapTable($isUser); $table = $this->getMapTable($isUser);
@ -230,15 +235,12 @@ class Access extends LDAPUtility {
} }
/** /**
* @brief returns the internal ownCloud name for the given LDAP DN of the group * @brief returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
* @param $dn the dn of the group object * @param string $dn the dn of the group object
* @param $ldapname optional, the display name of the object * @param string $ldapName optional, the display name of the object
* @returns string with with the name to use in ownCloud, false on DN outside of search DN * @return string with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the
* group, false on DN outside of search DN or failure
*/ */
public function dn2groupname($dn, $ldapname = null) { public function dn2groupname($dn, $ldapName = null) {
//To avoid bypassing the base DN settings under certain circumstances //To avoid bypassing the base DN settings under certain circumstances
//with the group support, check whether the provided DN matches one of //with the group support, check whether the provided DN matches one of
//the given Bases //the given Bases
@ -246,18 +248,16 @@ class Access extends LDAPUtility {
return false; return false;
} }
return $this->dn2ocname($dn, $ldapname, false); return $this->dn2ocname($dn, $ldapName, false);
} }
/** /**
* @brief returns the internal ownCloud name for the given LDAP DN of the user * @brief returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
* @param $dn the dn of the user object * @param string $dn the dn of the user object
* @param $ldapname optional, the display name of the object * @param string $ldapName optional, the display name of the object
* @returns string with with the name to use in ownCloud * @return string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
*/ */
public function dn2username($dn, $ldapname = null) { public function dn2username($dn, $ldapName = null) {
//To avoid bypassing the base DN settings under certain circumstances //To avoid bypassing the base DN settings under certain circumstances
//with the group support, check whether the provided DN matches one of //with the group support, check whether the provided DN matches one of
//the given Bases //the given Bases
@ -265,19 +265,17 @@ class Access extends LDAPUtility {
return false; return false;
} }
return $this->dn2ocname($dn, $ldapname, true); return $this->dn2ocname($dn, $ldapName, true);
} }
/** /**
* @brief returns an internal ownCloud name for the given LDAP DN * @brief returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
* @param $dn the dn of the user object * @param string $dn the dn of the user object
* @param $ldapname optional, the display name of the object * @param string $ldapName optional, the display name of the object
* @param $isUser optional, wether it is a user object (otherwise group assumed) * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
* @returns string with with the name to use in ownCloud * @return string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
*/ */
public function dn2ocname($dn, $ldapname = null, $isUser = true) { public function dn2ocname($dn, $ldapName = null, $isUser = true) {
$table = $this->getMapTable($isUser); $table = $this->getMapTable($isUser);
if($isUser) { if($isUser) {
$fncFindMappedName = 'findMappedUser'; $fncFindMappedName = 'findMappedUser';
@ -288,9 +286,9 @@ class Access extends LDAPUtility {
} }
//let's try to retrieve the ownCloud name from the mappings table //let's try to retrieve the ownCloud name from the mappings table
$ocname = $this->$fncFindMappedName($dn); $ocName = $this->$fncFindMappedName($dn);
if($ocname) { if($ocName) {
return $ocname; return $ocName;
} }
//second try: get the UUID and check if it is known. Then, update the DN and return the name. //second try: get the UUID and check if it is known. Then, update the DN and return the name.
@ -317,13 +315,13 @@ class Access extends LDAPUtility {
return false; return false;
} }
if(is_null($ldapname)) { if(is_null($ldapName)) {
$ldapname = $this->readAttribute($dn, $nameAttribute); $ldapName = $this->readAttribute($dn, $nameAttribute);
if(!isset($ldapname[0]) && empty($ldapname[0])) { if(!isset($ldapName[0]) && empty($ldapName[0])) {
\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', \OCP\Util::INFO); \OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', \OCP\Util::INFO);
return false; return false;
} }
$ldapname = $ldapname[0]; $ldapName = $ldapName[0];
} }
if($isUser) { if($isUser) {
@ -334,27 +332,27 @@ class Access extends LDAPUtility {
} else { } else {
$username = $uuid; $username = $uuid;
} }
$intname = $this->sanitizeUsername($username); $intName = $this->sanitizeUsername($username);
} else { } else {
$intname = $ldapname; $intName = $ldapName;
} }
//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups //a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check //disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
$originalTTL = $this->connection->ldapCacheTTL; $originalTTL = $this->connection->ldapCacheTTL;
$this->connection->setConfiguration(array('ldapCacheTTL' => 0)); $this->connection->setConfiguration(array('ldapCacheTTL' => 0));
if(($isUser && !\OCP\User::userExists($intname)) if(($isUser && !\OCP\User::userExists($intName))
|| (!$isUser && !\OC_Group::groupExists($intname))) { || (!$isUser && !\OC_Group::groupExists($intName))) {
if($this->mapComponent($dn, $intname, $isUser)) { if($this->mapComponent($dn, $intName, $isUser)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
return $intname; return $intName;
} }
} }
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL)); $this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
$altname = $this->createAltInternalOwnCloudName($intname, $isUser); $altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if($this->mapComponent($dn, $altname, $isUser)) { if($this->mapComponent($dn, $altName, $isUser)) {
return $altname; return $altName;
} }
//if everything else did not help.. //if everything else did not help..
@ -364,8 +362,8 @@ class Access extends LDAPUtility {
/** /**
* @brief gives back the user names as they are used ownClod internally * @brief gives back the user names as they are used ownClod internally
* @param $ldapGroups an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... ) * @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
* @returns an array with the user names to use in ownCloud * @return array an array with the user names to use in ownCloud
* *
* gives back the user names as they are used ownClod internally * gives back the user names as they are used ownClod internally
*/ */
@ -375,8 +373,8 @@ class Access extends LDAPUtility {
/** /**
* @brief gives back the group names as they are used ownClod internally * @brief gives back the group names as they are used ownClod internally
* @param $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... ) * @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
* @returns an array with the group names to use in ownCloud * @return array an array with the group names to use in ownCloud
* *
* gives back the group names as they are used ownClod internally * gives back the group names as they are used ownClod internally
*/ */
@ -384,6 +382,10 @@ class Access extends LDAPUtility {
return $this->ldap2ownCloudNames($ldapGroups, false); return $this->ldap2ownCloudNames($ldapGroups, false);
} }
/**
* @param $dn
* @return bool|string
*/
private function findMappedUser($dn) { private function findMappedUser($dn) {
static $query = null; static $query = null;
if(is_null($query)) { if(is_null($query)) {
@ -400,6 +402,10 @@ class Access extends LDAPUtility {
return false; return false;
} }
/**
* @param $dn
* @return bool|string
*/
private function findMappedGroup($dn) { private function findMappedGroup($dn) {
static $query = null; static $query = null;
if(is_null($query)) { if(is_null($query)) {
@ -416,9 +422,10 @@ class Access extends LDAPUtility {
return false; return false;
} }
/** /**
* @param boolean $isUsers * @param $ldapObjects
* @param bool $isUsers
* @return array
*/ */
private function ldap2ownCloudNames($ldapObjects, $isUsers) { private function ldap2ownCloudNames($ldapObjects, $isUsers) {
if($isUsers) { if($isUsers) {
@ -430,13 +437,13 @@ class Access extends LDAPUtility {
foreach($ldapObjects as $ldapObject) { foreach($ldapObjects as $ldapObject) {
$nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null; $nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
$ocname = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers); $ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
if($ocname) { if($ocName) {
$ownCloudNames[] = $ocname; $ownCloudNames[] = $ocName;
if($isUsers) { if($isUsers) {
//cache the user names so it does not need to be retrieved //cache the user names so it does not need to be retrieved
//again later (e.g. sharing dialogue). //again later (e.g. sharing dialogue).
$this->cacheUserDisplayName($ocname, $nameByLDAP); $this->cacheUserDisplayName($ocName, $nameByLDAP);
} }
} }
continue; continue;
@ -446,18 +453,18 @@ class Access extends LDAPUtility {
/** /**
* @brief caches the user display name * @brief caches the user display name
* @param string the internal owncloud username * @param string $ocName the internal ownCloud username
* @param string the display name * @param string $displayName the display name
*/ */
public function cacheUserDisplayName($ocname, $displayName) { public function cacheUserDisplayName($ocName, $displayName) {
$cacheKeyTrunk = 'getDisplayName'; $cacheKeyTrunk = 'getDisplayName';
$this->connection->writeToCache($cacheKeyTrunk.$ocname, $displayName); $this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
} }
/** /**
* @brief creates a unique name for internal ownCloud use for users. Don't call it directly. * @brief creates a unique name for internal ownCloud use for users. Don't call it directly.
* @param $name the display name of the object * @param string $name the display name of the object
* @returns string with with the name to use in ownCloud or false if unsuccessful * @return string with with the name to use in ownCloud or false if unsuccessful
* *
* Instead of using this method directly, call * Instead of using this method directly, call
* createAltInternalOwnCloudName($name, true) * createAltInternalOwnCloudName($name, true)
@ -478,8 +485,8 @@ class Access extends LDAPUtility {
/** /**
* @brief creates a unique name for internal ownCloud use for groups. Don't call it directly. * @brief creates a unique name for internal ownCloud use for groups. Don't call it directly.
* @param $name the display name of the object * @param string $name the display name of the object
* @returns string with with the name to use in ownCloud or false if unsuccessful. * @return string with with the name to use in ownCloud or false if unsuccessful.
* *
* Instead of using this method directly, call * Instead of using this method directly, call
* createAltInternalOwnCloudName($name, false) * createAltInternalOwnCloudName($name, false)
@ -504,17 +511,17 @@ class Access extends LDAPUtility {
$lastNo = 1; //will become name_2 $lastNo = 1; //will become name_2
} else { } else {
natsort($usedNames); natsort($usedNames);
$lastname = array_pop($usedNames); $lastName = array_pop($usedNames);
$lastNo = intval(substr($lastname, strrpos($lastname, '_') + 1)); $lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
} }
$altName = $name.'_'.strval($lastNo+1); $altName = $name.'_'.strval($lastNo+1);
unset($usedNames); unset($usedNames);
$attempts = 1; $attempts = 1;
while($attempts < 21){ while($attempts < 21){
//Pro forma check to be really sure it is unique // Check to be really sure it is unique
//while loop is just a precaution. If a name is not generated within // while loop is just a precaution. If a name is not generated within
//20 attempts, something else is very wrong. Avoids infinite loop. // 20 attempts, something else is very wrong. Avoids infinite loop.
if(!\OC_Group::groupExists($altName)) { if(!\OC_Group::groupExists($altName)) {
return $altName; return $altName;
} }
@ -526,9 +533,9 @@ class Access extends LDAPUtility {
/** /**
* @brief creates a unique name for internal ownCloud use. * @brief creates a unique name for internal ownCloud use.
* @param $name the display name of the object * @param string $name the display name of the object
* @param boolean $isUser whether name should be created for a user (true) or a group (false) * @param boolean $isUser whether name should be created for a user (true) or a group (false)
* @returns string with with the name to use in ownCloud or false if unsuccessful * @return string with with the name to use in ownCloud or false if unsuccessful
*/ */
private function createAltInternalOwnCloudName($name, $isUser) { private function createAltInternalOwnCloudName($name, $isUser) {
$originalTTL = $this->connection->ldapCacheTTL; $originalTTL = $this->connection->ldapCacheTTL;
@ -545,7 +552,7 @@ class Access extends LDAPUtility {
/** /**
* @brief retrieves all known groups from the mappings table * @brief retrieves all known groups from the mappings table
* @returns array with the results * @return array with the results
* *
* retrieves all known groups from the mappings table * retrieves all known groups from the mappings table
*/ */
@ -555,7 +562,7 @@ class Access extends LDAPUtility {
/** /**
* @brief retrieves all known users from the mappings table * @brief retrieves all known users from the mappings table
* @returns array with the results * @return array with the results
* *
* retrieves all known users from the mappings table * retrieves all known users from the mappings table
*/ */
@ -579,19 +586,19 @@ class Access extends LDAPUtility {
/** /**
* @brief inserts a new user or group into the mappings table * @brief inserts a new user or group into the mappings table
* @param $dn the record in question * @param string $dn the record in question
* @param $ocname the name to use in ownCloud * @param string $ocName the name to use in ownCloud
* @param $isUser is it a user or a group? * @param bool $isUser is it a user or a group?
* @returns true on success, false otherwise * @return bool true on success, false otherwise
* *
* inserts a new user or group into the mappings table * inserts a new user or group into the mappings table
*/ */
private function mapComponent($dn, $ocname, $isUser = true) { private function mapComponent($dn, $ocName, $isUser = true) {
$table = $this->getMapTable($isUser); $table = $this->getMapTable($isUser);
$sqlAdjustment = ''; $sqlAdjustment = '';
$dbtype = \OCP\Config::getSystemValue('dbtype'); $dbType = \OCP\Config::getSystemValue('dbtype');
if($dbtype === 'mysql') { if($dbType === 'mysql') {
$sqlAdjustment = 'FROM DUAL'; $sqlAdjustment = 'FROM DUAL';
} }
@ -607,9 +614,9 @@ class Access extends LDAPUtility {
'); ');
//feed the DB //feed the DB
$insRows = $insert->execute(array($dn, $ocname, $insRows = $insert->execute(array($dn, $ocName,
$this->getUUID($dn, $isUser), $dn, $this->getUUID($dn, $isUser), $dn,
$ocname)); $ocName));
if(\OCP\DB::isError($insRows)) { if(\OCP\DB::isError($insRows)) {
return false; return false;
@ -623,24 +630,31 @@ class Access extends LDAPUtility {
} }
/** /**
* @param integer $limit * @param $filter
* @param integer $offset * @param $attr
* @param int $limit
* @param int $offset
* @return array
*/ */
public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) { public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) {
return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1)); return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1));
} }
/** /**
* @param string $filter * @param $filter
* @param integer $limit * @param $attr
* @param integer $offset * @param int $limit
* @param int $offset
* @return array
*/ */
public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) { public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1)); return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1));
} }
/** /**
* @param boolean $manyAttributes * @param $list
* @param bool $manyAttributes
* @return array
*/ */
private function fetchList($list, $manyAttributes) { private function fetchList($list, $manyAttributes) {
if(is_array($list)) { if(is_array($list)) {
@ -657,11 +671,11 @@ class Access extends LDAPUtility {
/** /**
* @brief executes an LDAP search, optimized for Users * @brief executes an LDAP search, optimized for Users
* @param $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $attr optional, when a certain attribute shall be filtered out * @param string $attr optional, when a certain attribute shall be filtered out
* @param integer $limit * @param integer $limit
* @param integer $offset * @param integer $offset
* @returns array with the search result * @return array with the search result
* *
* Executes an LDAP search * Executes an LDAP search
*/ */
@ -671,6 +685,10 @@ class Access extends LDAPUtility {
/** /**
* @param string $filter * @param string $filter
* @param array $attr
* @param int $limit
* @param int $offset
* @return false|int
*/ */
public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) { public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset); return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
@ -679,10 +697,10 @@ class Access extends LDAPUtility {
/** /**
* @brief executes an LDAP search, optimized for Groups * @brief executes an LDAP search, optimized for Groups
* @param string $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $attr optional, when a certain attribute shall be filtered out * @param string $attr optional, when a certain attribute shall be filtered out
* @param integer $limit * @param integer $limit
* @param integer $offset * @param integer $offset
* @returns array with the search result * @return array with the search result
* *
* Executes an LDAP search * Executes an LDAP search
*/ */
@ -692,13 +710,13 @@ class Access extends LDAPUtility {
/** /**
* @brief prepares and executes an LDAP search operation * @brief prepares and executes an LDAP search operation
* @param $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched * @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be * @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array. * retrieved. Results will according to the order in the array.
* @param $limit optional, maximum results to be counted * @param int $limit optional, maximum results to be counted
* @param $offset optional, a starting point * @param int $offset optional, a starting point
* @returns array with the search result as first value and pagedSearchOK as * @return array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful * second | false if not successful
*/ */
private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) { private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
@ -715,7 +733,7 @@ class Access extends LDAPUtility {
return false; return false;
} }
//check wether paged search should be attempted //check whether paged search should be attempted
$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset); $pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset);
$linkResources = array_pad(array(), count($base), $cr); $linkResources = array_pad(array(), count($base), $cr);
@ -738,16 +756,16 @@ class Access extends LDAPUtility {
/** /**
* @brief processes an LDAP paged search operation * @brief processes an LDAP paged search operation
* @param $sr the array containing the LDAP search resources * @param array $sr the array containing the LDAP search resources
* @param $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched * @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param $iFoundItems number of results in the search operation * @param int $iFoundItems number of results in the search operation
* @param $limit maximum results to be counted * @param int $limit maximum results to be counted
* @param $offset a starting point * @param int $offset a starting point
* @param $pagedSearchOK whether a paged search has been executed * @param bool $pagedSearchOK whether a paged search has been executed
* @param boolean $skipHandling required for paged search when cookies to * @param bool $skipHandling required for paged search when cookies to
* prior results need to be gained * prior results need to be gained
* @returns array with the search result as first value and pagedSearchOK as * @returns array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful * second | false if not successful
*/ */
private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) { private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
@ -780,14 +798,14 @@ class Access extends LDAPUtility {
/** /**
* @brief executes an LDAP search, but counts the results only * @brief executes an LDAP search, but counts the results only
* @param string $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched * @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be * @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array. * retrieved. Results will according to the order in the array.
* @param $limit optional, maximum results to be counted * @param int $limit optional, maximum results to be counted
* @param $offset optional, a starting point * @param int $offset optional, a starting point
* @param $skipHandling indicates whether the pages search operation is * @param bool $skipHandling indicates whether the pages search operation is
* completed * completed
* @returns int | false if the search could not be initialized * @returns int|false Integer or false if the search could not be initialized
* *
*/ */
private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) { private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
@ -799,7 +817,7 @@ class Access extends LDAPUtility {
$counter = 0; $counter = 0;
$count = null; $count = null;
$cr = $this->connection->getConnectionResource(); $this->connection->getConnectionResource();
do { do {
$continue = false; $continue = false;
@ -821,10 +839,15 @@ class Access extends LDAPUtility {
return $counter; return $counter;
} }
private function countEntriesInSearchResults($searchResults, $limit, /**
&$hasHitLimit) { * @param $searchResults
* @param $limit
* @param $hasHitLimit
* @return int
*/
private function countEntriesInSearchResults($searchResults, $limit, &$hasHitLimit) {
$cr = $this->connection->getConnectionResource(); $cr = $this->connection->getConnectionResource();
$count = 0; $counter = 0;
foreach($searchResults as $res) { foreach($searchResults as $res) {
$count = intval($this->ldap->countEntries($cr, $res)); $count = intval($this->ldap->countEntries($cr, $res));
@ -838,14 +861,14 @@ class Access extends LDAPUtility {
} }
/** /**
* @brief executes an LDAP search * @brief Executes an LDAP search
* @param $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched * @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be * @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array. * @param int $limit
* @returns array with the search result * @param int $offset
* * @param bool $skipHandling
* Executes an LDAP search * @return array with the search result
*/ */
private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) { private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
$search = $this->executeSearch($filter, $base, $attr, $limit, $offset); $search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
@ -873,7 +896,7 @@ class Access extends LDAPUtility {
} }
$findings = array(); $findings = array();
foreach($sr as $key => $res) { foreach($sr as $res) {
$findings = array_merge($findings, $this->ldap->getEntries($cr , $res )); $findings = array_merge($findings, $this->ldap->getEntries($cr , $res ));
} }
@ -889,9 +912,9 @@ class Access extends LDAPUtility {
if(!is_null($attr)) { if(!is_null($attr)) {
$selection = array(); $selection = array();
$multiarray = false; $multiArray = false;
if(count($attr) > 1) { if(count($attr) > 1) {
$multiarray = true; $multiArray = true;
$i = 0; $i = 0;
} }
foreach($findings as $item) { foreach($findings as $item) {
@ -900,7 +923,7 @@ class Access extends LDAPUtility {
} }
$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8'); $item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
if($multiarray) { if($multiArray) {
foreach($attr as $key) { foreach($attr as $key) {
$key = mb_strtolower($key, 'UTF-8'); $key = mb_strtolower($key, 'UTF-8');
if(isset($item[$key])) { if(isset($item[$key])) {
@ -931,7 +954,7 @@ class Access extends LDAPUtility {
$findings = $selection; $findings = $selection;
} }
//we slice the findings, when //we slice the findings, when
//a) paged search insuccessful, though attempted //a) paged search unsuccessful, though attempted
//b) no paged search, but limit set //b) no paged search, but limit set
if((!$this->getPagedSearchResultState() if((!$this->getPagedSearchResultState()
&& $pagedSearchOK) && $pagedSearchOK)
@ -945,19 +968,23 @@ class Access extends LDAPUtility {
return $findings; return $findings;
} }
/**
* @param $name
* @return bool|mixed|string
*/
public function sanitizeUsername($name) { public function sanitizeUsername($name) {
if($this->connection->ldapIgnoreNamingRules) { if($this->connection->ldapIgnoreNamingRules) {
return $name; return $name;
} }
// Translitaration // Transliteration
//latin characters to ASCII // latin characters to ASCII
$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name); $name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
//REPLACEMENTS // Replacements
$name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8'); $name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8');
//every remaining unallowed characters will be removed // Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
return $name; return $name;
@ -966,7 +993,7 @@ class Access extends LDAPUtility {
/** /**
* @brief escapes (user provided) parts for LDAP filter * @brief escapes (user provided) parts for LDAP filter
* @param string $input, the provided value * @param string $input, the provided value
* @return the escaped string * @return string the escaped string
*/ */
public function escapeFilterPart($input) { public function escapeFilterPart($input) {
$search = array('*', '\\', '(', ')'); $search = array('*', '\\', '(', ')');
@ -977,9 +1004,7 @@ class Access extends LDAPUtility {
/** /**
* @brief combines the input filters with AND * @brief combines the input filters with AND
* @param $filters array, the filters to connect * @param $filters array, the filters to connect
* @returns the combined filter * @return string the combined filter
*
* Combines Filter arguments with AND
*/ */
public function combineFilterWithAnd($filters) { public function combineFilterWithAnd($filters) {
return $this->combineFilter($filters, '&'); return $this->combineFilter($filters, '&');
@ -988,9 +1013,7 @@ class Access extends LDAPUtility {
/** /**
* @brief combines the input filters with AND * @brief combines the input filters with AND
* @param $filters array, the filters to connect * @param $filters array, the filters to connect
* @returns the combined filter * @return string the combined filter
*
* Combines Filter arguments with AND
*/ */
public function combineFilterWithOr($filters) { public function combineFilterWithOr($filters) {
return $this->combineFilter($filters, '|'); return $this->combineFilter($filters, '|');
@ -1000,9 +1023,7 @@ class Access extends LDAPUtility {
* @brief combines the input filters with given operator * @brief combines the input filters with given operator
* @param $filters array, the filters to connect * @param $filters array, the filters to connect
* @param string $operator either & or | * @param string $operator either & or |
* @returns the combined filter * @return string the combined filter
*
* Combines Filter arguments with AND
*/ */
private function combineFilter($filters, $operator) { private function combineFilter($filters, $operator) {
$combinedFilter = '('.$operator; $combinedFilter = '('.$operator;
@ -1017,7 +1038,7 @@ class Access extends LDAPUtility {
} }
/** /**
* @brief creates a filter part for to perfrom search for users * @brief creates a filter part for to perform search for users
* @param string $search the search term * @param string $search the search term
* @return string the final filter part to use in LDAP searches * @return string the final filter part to use in LDAP searches
*/ */
@ -1028,7 +1049,7 @@ class Access extends LDAPUtility {
} }
/** /**
* @brief creates a filter part for to perfrom search for groups * @brief creates a filter part for to perform search for groups
* @param string $search the search term * @param string $search the search term
* @return string the final filter part to use in LDAP searches * @return string the final filter part to use in LDAP searches
*/ */
@ -1041,9 +1062,10 @@ class Access extends LDAPUtility {
/** /**
* @brief creates a filter part for searches * @brief creates a filter part for searches
* @param string $search the search term * @param string $search the search term
* @param $searchAttributes
* @param string $fallbackAttribute a fallback attribute in case the user * @param string $fallbackAttribute a fallback attribute in case the user
* did not define search attributes. Typically the display name attribute. * did not define search attributes. Typically the display name attribute.
* @returns string the final filter part to use in LDAP searches * @return string the final filter part to use in LDAP searches
*/ */
private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) { private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
$filter = array(); $filter = array();
@ -1065,7 +1087,9 @@ class Access extends LDAPUtility {
} }
/** /**
* @param string $name
* @param string $password * @param string $password
* @return bool
*/ */
public function areCredentialsValid($name, $password) { public function areCredentialsValid($name, $password) {
$name = $this->DNasBaseParameter($name); $name = $this->DNasBaseParameter($name);
@ -1084,8 +1108,9 @@ class Access extends LDAPUtility {
/** /**
* @brief auto-detects the directory's UUID attribute * @brief auto-detects the directory's UUID attribute
* @param $dn a known DN used to check against * @param string $dn a known DN used to check against
* @param $force the detection should be run, even if it is not set to auto * @param bool $isUser
* @param bool $force the detection should be run, even if it is not set to auto
* @returns true on success, false otherwise * @returns true on success, false otherwise
*/ */
private function detectUuidAttribute($dn, $isUser = true, $force = false) { private function detectUuidAttribute($dn, $isUser = true, $force = false) {
@ -1106,7 +1131,7 @@ class Access extends LDAPUtility {
return true; return true;
} }
//for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID // for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid'); $testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
foreach($testAttributes as $attribute) { foreach($testAttributes as $attribute) {
@ -1126,6 +1151,11 @@ class Access extends LDAPUtility {
return false; return false;
} }
/**
* @param $dn
* @param bool $isUser
* @return array|bool|false
*/
public function getUUID($dn, $isUser = true) { public function getUUID($dn, $isUser = true) {
if($isUser) { if($isUser) {
$uuidAttr = 'ldapUuidUserAttribute'; $uuidAttr = 'ldapUuidUserAttribute';
@ -1154,11 +1184,9 @@ class Access extends LDAPUtility {
/** /**
* @brief converts a binary ObjectGUID into a string representation * @brief converts a binary ObjectGUID into a string representation
* @param $oguid the ObjectGUID in it's binary form as retrieved from AD * @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
* @returns String * @return string
* * @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
* converts a binary ObjectGUID into a string representation
* http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
*/ */
private function convertObjectGUID2Str($oguid) { private function convertObjectGUID2Str($oguid) {
$hex_guid = bin2hex($oguid); $hex_guid = bin2hex($oguid);
@ -1181,12 +1209,9 @@ class Access extends LDAPUtility {
} }
/** /**
* @brief converts a stored DN so it can be used as base parameter for LDAP queries * @brief converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
* @param $dn the DN * @param string $dn the DN
* @returns String * @return string
*
* converts a stored DN so it can be used as base parameter for LDAP queries
* internally we store them for usage in LDAP filters
*/ */
private function DNasBaseParameter($dn) { private function DNasBaseParameter($dn) {
return str_ireplace('\\5c', '\\', $dn); return str_ireplace('\\5c', '\\', $dn);
@ -1194,12 +1219,14 @@ class Access extends LDAPUtility {
/** /**
* @brief checks if the given DN is part of the given base DN(s) * @brief checks if the given DN is part of the given base DN(s)
* @param $dn the DN * @param string $dn the DN
* @param $bases array containing the allowed base DN or DNs * @param $bases array containing the allowed base DN or DNs
* @returns Boolean * @return bool
*/ */
private function isDNPartOfBase($dn, $bases) { private function isDNPartOfBase($dn, $bases) {
$belongsToBase = false;
$bases = $this->sanitizeDN($bases); $bases = $this->sanitizeDN($bases);
foreach($bases as $base) { foreach($bases as $base) {
$belongsToBase = true; $belongsToBase = true;
if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) { if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
@ -1214,10 +1241,10 @@ class Access extends LDAPUtility {
/** /**
* @brief get a cookie for the next LDAP paged search * @brief get a cookie for the next LDAP paged search
* @param $base a string with the base DN for the search * @param string $base a string with the base DN for the search
* @param $filter the search filter to identify the correct search * @param string $filter the search filter to identify the correct search
* @param $limit the limit (or 'pageSize'), to identify the correct search well * @param int $limit the limit (or 'pageSize'), to identify the correct search well
* @param $offset the offset for the new search to identify the correct search really good * @param int $offset the offset for the new search to identify the correct search really good
* @returns string containing the key or empty if none is cached * @returns string containing the key or empty if none is cached
*/ */
private function getPagedResultCookie($base, $filter, $limit, $offset) { private function getPagedResultCookie($base, $filter, $limit, $offset) {
@ -1226,10 +1253,10 @@ class Access extends LDAPUtility {
} }
$offset -= $limit; $offset -= $limit;
//we work with cache here //we work with cache here
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset); $cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
$cookie = ''; $cookie = '';
if(isset($this->cookies[$cachekey])) { if(isset($this->cookies[$cacheKey])) {
$cookie = $this->cookies[$cachekey]; $cookie = $this->cookies[$cacheKey];
if(is_null($cookie)) { if(is_null($cookie)) {
$cookie = ''; $cookie = '';
} }
@ -1239,22 +1266,22 @@ class Access extends LDAPUtility {
/** /**
* @brief set a cookie for LDAP paged search run * @brief set a cookie for LDAP paged search run
* @param $base a string with the base DN for the search * @param string $base a string with the base DN for the search
* @param $filter the search filter to identify the correct search * @param string $filter the search filter to identify the correct search
* @param $limit the limit (or 'pageSize'), to identify the correct search well * @param int $limit the limit (or 'pageSize'), to identify the correct search well
* @param $offset the offset for the run search to identify the correct search really good * @param int $offset the offset for the run search to identify the correct search really good
* @param $cookie string containing the cookie returned by ldap_control_paged_result_response * @param string $cookie string containing the cookie returned by ldap_control_paged_result_response
* @return void * @return void
*/ */
private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) { private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
if(!empty($cookie)) { if(!empty($cookie)) {
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset); $cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
$this->cookies[$cachekey] = $cookie; $this->cookies[$cacheKey] = $cookie;
} }
} }
/** /**
* @brief check wether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search. * @brief Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
* @return boolean|null true on success, null or false otherwise * @return boolean|null true on success, null or false otherwise
*/ */
public function getPagedSearchResultState() { public function getPagedSearchResultState() {
@ -1263,15 +1290,14 @@ class Access extends LDAPUtility {
return $result; return $result;
} }
/** /**
* @brief prepares a paged search, if possible * @brief Prepares a paged search, if possible
* @param $filter the LDAP filter for the search * @param string $filter the LDAP filter for the search
* @param $bases an array containing the LDAP subtree(s) that shall be searched * @param array $bases an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, when a certain attribute shall be filtered outside * @param array $attr optional, when a certain attribute shall be filtered outside
* @param $limit * @param int $limit
* @param $offset * @param int $offset
* * @return bool|true
*/ */
private function initPagedSearch($filter, $bases, $attr, $limit, $offset) { private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
$pagedSearchOK = false; $pagedSearchOK = false;
@ -1287,8 +1313,9 @@ class Access extends LDAPUtility {
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset); $cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
if(empty($cookie) && ($offset > 0)) { if(empty($cookie) && ($offset > 0)) {
// no cookie known, although the offset is not 0. Maybe cache run out. We need // no cookie known, although the offset is not 0. Maybe cache run out. We need
// to start all over *sigh* (btw, Dear Reader, did you need LDAP paged // to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
// searching was designed by MSFT?) // searching was designed by MSFT?)
// Lukas: No, but thanks to reading that source I finally know!
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit; $reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
//a bit recursive, $offset of 0 is the exit //a bit recursive, $offset of 0 is the exit
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO); \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);


@ -30,7 +30,7 @@ abstract class BackendUtility {
/** /**
* @brief constructor, make sure the subclasses call this one! * @brief constructor, make sure the subclasses call this one!
* @param $access an instance of Access for LDAP interaction * @param Access $access an instance of Access for LDAP interaction
*/ */
public function __construct(Access $access) { public function __construct(Access $access) {
$this->access = $access; $this->access = $access;


@ -81,25 +81,37 @@ class Configuration {
); );
/** /**
* @param string $configPrefix * @param $configPrefix
* @param bool $autoRead
*/ */
public function __construct($configPrefix, $autoread = true) { public function __construct($configPrefix, $autoRead = true) {
$this->configPrefix = $configPrefix; $this->configPrefix = $configPrefix;
if($autoread) { if($autoRead) {
$this->readConfiguration(); $this->readConfiguration();
} }
} }
/**
* @param $name
* @return mixed|void
*/
public function __get($name) { public function __get($name) {
if(isset($this->config[$name])) { if(isset($this->config[$name])) {
return $this->config[$name]; return $this->config[$name];
} }
} }
/**
* @param $name
* @param $value
*/
public function __set($name, $value) { public function __set($name, $value) {
$this->setConfiguration(array($name => $value)); $this->setConfiguration(array($name => $value));
} }
/**
* @return array
*/
public function getConfiguration() { public function getConfiguration() {
return $this->config; return $this->config;
} }
@ -110,7 +122,7 @@ class Configuration {
* must call saveConfiguration afterwards. * must call saveConfiguration afterwards.
* @param $config array that holds the config parameters in an associated * @param $config array that holds the config parameters in an associated
* array * array
* @param &$applied optional; array where the set fields will be given to * @param array &$applied optional; array where the set fields will be given to
* @return false|null * @return false|null
*/ */
public function setConfiguration($config, &$applied = null) { public function setConfiguration($config, &$applied = null) {
@ -119,11 +131,11 @@ class Configuration {
} }
$cta = $this->getConfigTranslationArray(); $cta = $this->getConfigTranslationArray();
foreach($config as $inputkey => $val) { foreach($config as $inputKey => $val) {
if(strpos($inputkey, '_') !== false && array_key_exists($inputkey, $cta)) { if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) {
$key = $cta[$inputkey]; $key = $cta[$inputKey];
} elseif(array_key_exists($inputkey, $this->config)) { } elseif(array_key_exists($inputKey, $this->config)) {
$key = $inputkey; $key = $inputKey;
} else { } else {
continue; continue;
} }
@ -150,7 +162,7 @@ class Configuration {
} }
$this->$setMethod($key, $val); $this->$setMethod($key, $val);
if(is_array($applied)) { if(is_array($applied)) {
$applied[] = $inputkey; $applied[] = $inputKey;
} }
} }
@ -164,7 +176,7 @@ class Configuration {
//some are determined //some are determined
continue; continue;
} }
$dbkey = $cta[$key]; $dbKey = $cta[$key];
switch($key) { switch($key) {
case 'ldapBase': case 'ldapBase':
case 'ldapBaseUsers': case 'ldapBaseUsers':
@ -180,7 +192,7 @@ class Configuration {
break; break;
case 'ldapIgnoreNamingRules': case 'ldapIgnoreNamingRules':
$readMethod = 'getSystemValue'; $readMethod = 'getSystemValue';
$dbkey = $key; $dbKey = $key;
break; break;
case 'ldapAgentPassword': case 'ldapAgentPassword':
$readMethod = 'getPwd'; $readMethod = 'getPwd';
@ -193,7 +205,7 @@ class Configuration {
$readMethod = 'getValue'; $readMethod = 'getValue';
break; break;
} }
$this->config[$key] = $this->$readMethod($dbkey); $this->config[$key] = $this->$readMethod($dbKey);
} }
$this->configRead = true; $this->configRead = true;
} }
@ -237,8 +249,12 @@ class Configuration {
} }
} }
protected function getMultiLine($varname) { /**
$value = $this->getValue($varname); * @param $varName
* @return array|string
*/
protected function getMultiLine($varName) {
$value = $this->getValue($varName);
if(empty($value)) { if(empty($value)) {
$value = ''; $value = '';
} else { } else {
@ -248,7 +264,11 @@ class Configuration {
return $value; return $value;
} }
protected function setMultiLine($varname, $value) { /**
* @param $varName
* @param $value
*/
protected function setMultiLine($varName, $value) {
if(empty($value)) { if(empty($value)) {
$value = ''; $value = '';
} else if (!is_array($value)) { } else if (!is_array($value)) {
@ -258,44 +278,69 @@ class Configuration {
} }
} }
$this->setValue($varname, $value); $this->setValue($varName, $value);
} }
protected function getPwd($varname) { /**
return base64_decode($this->getValue($varname)); * @param $varName
* @return string
*/
protected function getPwd($varName) {
return base64_decode($this->getValue($varName));
} }
protected function getLcValue($varname) { /**
return mb_strtolower($this->getValue($varname), 'UTF-8'); * @param $varName
* @return string
*/
protected function getLcValue($varName) {
return mb_strtolower($this->getValue($varName), 'UTF-8');
} }
protected function getSystemValue($varname) { /**
* @param $varName
* @return string
*/
protected function getSystemValue($varName) {
//FIXME: if another system value is added, softcode the default value //FIXME: if another system value is added, softcode the default value
return \OCP\Config::getSystemValue($varname, false); return \OCP\Config::getSystemValue($varName, false);
} }
protected function getValue($varname) { /**
* @param $varName
* @return string
*/
protected function getValue($varName) {
static $defaults; static $defaults;
if(is_null($defaults)) { if(is_null($defaults)) {
$defaults = $this->getDefaults(); $defaults = $this->getDefaults();
} }
return \OCP\Config::getAppValue('user_ldap', return \OCP\Config::getAppValue('user_ldap',
$this->configPrefix.$varname, $this->configPrefix.$varName,
$defaults[$varname]); $defaults[$varName]);
} }
protected function setValue($varname, $value) { /**
$this->config[$varname] = $value; * @param $varName
* @param $value
*/
protected function setValue($varName, $value) {
$this->config[$varName] = $value;
} }
protected function saveValue($varname, $value) { /**
* @param $varName
* @param $value
* @return bool
*/
protected function saveValue($varName, $value) {
return \OCP\Config::setAppValue('user_ldap', return \OCP\Config::setAppValue('user_ldap',
$this->configPrefix.$varname, $this->configPrefix.$varName,
$value); $value);
} }
/** /**
* @returns an associative array with the default values. Keys are correspond * @return array an associative array with the default values. Keys are correspond
* to config-value entries in the database table * to config-value entries in the database table
*/ */
public function getDefaults() { public function getDefaults() {
@ -350,7 +395,7 @@ class Configuration {
} }
/** /**
* @return returns an array that maps internal variable names to database fields * @return array that maps internal variable names to database fields
*/ */
public function getConfigTranslationArray() { public function getConfigTranslationArray() {
//TODO: merge them into one representation //TODO: merge them into one representation
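Review bot: The new docblock on getPwd() (`@return string`) does not mention that the value read for `ldapAgentPassword` is only base64-decoded, so the bind password sits in the `user_ldap` app configuration in a reversible encoding, not an encrypted form. Since this commit documents the class, I would say so explicitly, e.g. `@return string the decoded password; the stored form is only base64-encoded, not encrypted`, so nobody later mistakes the encoding for a protection measure. Separately, getSystemValue() is documented as `@return string` but passes `false` as the default to `\OCP\Config::getSystemValue()`, so `@return mixed` looks closer to what callers can receive. The constructor's `@param $configPrefix` also appears to have lost the `string` type shown in the old column.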

View File

@ -43,8 +43,9 @@ class Connection extends LDAPUtility {
/** /**
* @brief Constructor * @brief Constructor
* @param $configPrefix a string with the prefix for the configkey column (appconfig table) * @param ILDAPWrapper $ldap
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections * @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
* @param string $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
*/ */
public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') { public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
parent::__construct($ldap); parent::__construct($ldap);
@ -82,6 +83,10 @@ class Connection extends LDAPUtility {
!is_null($this->configID)); !is_null($this->configID));
} }
/**
* @param $name
* @return bool|mixed|void
*/
public function __get($name) { public function __get($name) {
if(!$this->configured) { if(!$this->configured) {
$this->readConfiguration(); $this->readConfiguration();
@ -94,6 +99,10 @@ class Connection extends LDAPUtility {
return $this->configuration->$name; return $this->configuration->$name;
} }
/**
* @param $name
* @param $value
*/
public function __set($name, $value) { public function __set($name, $value) {
$this->doNotValidate = false; $this->doNotValidate = false;
$before = $this->configuration->$name; $before = $this->configuration->$name;
@ -109,9 +118,7 @@ class Connection extends LDAPUtility {
/** /**
* @brief initializes the LDAP backend * @brief initializes the LDAP backend
* @param $force read the config settings no matter what * @param bool $force read the config settings no matter what
*
* initializes the LDAP backend
*/ */
public function init($force = false) { public function init($force = false) {
$this->readConfiguration($force); $this->readConfiguration($force);
@ -119,7 +126,7 @@ class Connection extends LDAPUtility {
} }
/** /**
* Returns the LDAP handler * @brief Returns the LDAP handler
*/ */
public function getConnectionResource() { public function getConnectionResource() {
if(!$this->ldapConnectionRes) { if(!$this->ldapConnectionRes) {
@ -135,7 +142,8 @@ class Connection extends LDAPUtility {
} }
/** /**
* @param string|null $key * @param $key
* @return string
*/ */
private function getCacheKey($key) { private function getCacheKey($key) {
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-'; $prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
@ -146,7 +154,8 @@ class Connection extends LDAPUtility {
} }
/** /**
* @param string $key * @param $key
* @return mixed|null
*/ */
public function getFromCache($key) { public function getFromCache($key) {
if(!$this->configured) { if(!$this->configured) {
@ -165,7 +174,8 @@ class Connection extends LDAPUtility {
} }
/** /**
* @param string $key * @param $key
* @return bool
*/ */
public function isCached($key) { public function isCached($key) {
if(!$this->configured) { if(!$this->configured) {
@ -179,7 +189,8 @@ class Connection extends LDAPUtility {
} }
/** /**
* @param string $key * @param $key
* @param $value
*/ */
public function writeToCache($key, $value) { public function writeToCache($key, $value) {
if(!$this->configured) { if(!$this->configured) {
@ -200,7 +211,7 @@ class Connection extends LDAPUtility {
/** /**
* @brief Caches the general LDAP configuration. * @brief Caches the general LDAP configuration.
* @param $force optional. true, if the re-read should be forced. defaults * @param bool $force optional. true, if the re-read should be forced. defaults
* to false. * to false.
* @return null * @return null
*/ */
@ -214,7 +225,7 @@ class Connection extends LDAPUtility {
/** /**
* @brief set LDAP configuration with values delivered by an array, not read from configuration * @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array * @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to * @param array &$setParameters optional; array where the set fields will be given to
* @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/ */
public function setConfiguration($config, &$setParameters = null) { public function setConfiguration($config, &$setParameters = null) {
@ -326,9 +337,9 @@ class Connection extends LDAPUtility {
} }
//make sure empty search attributes are saved as simple, empty array //make sure empty search attributes are saved as simple, empty array
$sakeys = array('ldapAttributesForUserSearch', $saKeys = array('ldapAttributesForUserSearch',
'ldapAttributesForGroupSearch'); 'ldapAttributesForGroupSearch');
foreach($sakeys as $key) { foreach($saKeys as $key) {
$val = $this->configuration->$key; $val = $this->configuration->$key;
if(is_array($val) && count($val) === 1 && empty($val[0])) { if(is_array($val) && count($val) === 1 && empty($val[0])) {
$this->configuration->$key = array(); $this->configuration->$key = array();
@ -345,6 +356,9 @@ class Connection extends LDAPUtility {
} }
} }
/**
* @return bool
*/
private function doCriticalValidation() { private function doCriticalValidation() {
$configurationOK = true; $configurationOK = true;
$errorStr = 'Configuration Error (prefix '. $errorStr = 'Configuration Error (prefix '.
@ -435,8 +449,8 @@ class Connection extends LDAPUtility {
// necessary, but advisable. If left empty, give an info message // necessary, but advisable. If left empty, give an info message
$this->doSoftValidation(); $this->doSoftValidation();
//second step: critical checks. If left empty or filled wrong, set as //second step: critical checks. If left empty or filled wrong, mark as
//unconfigured and give a warning. //not configured and give a warning.
return $this->doCriticalValidation(); return $this->doCriticalValidation();
} }
@ -508,12 +522,17 @@ class Connection extends LDAPUtility {
} }
} }
/**
* @param $host
* @param $port
* @return false|void
*/
private function doConnect($host, $port) { private function doConnect($host, $port) {
if(empty($host)) { if(empty($host)) {
return false; return false;
} }
if(strpos($host, '://') !== false) { if(strpos($host, '://') !== false) {
//ldap_connect ignores port paramater when URLs are passed //ldap_connect ignores port parameter when URLs are passed
$host .= ':' . $port; $host .= ':' . $port;
} }
$this->ldapConnectionRes = $this->ldap->connect($host, $port); $this->ldapConnectionRes = $this->ldap->connect($host, $port);
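Review bot: The docblocks for getCacheKey(), getFromCache(), isCached() and writeToCache() appear to lose type information: as rendered, the earlier `@param string|null $key` / `@param string $key` becomes a bare `@param $key`, which runs against the stated purpose of the commit. I would keep the type and only add the return tag, e.g. `@param string|null $key` followed by `@return string` on getCacheKey(). The new doConnect() docblock likewise leaves `$host` and `$port` untyped; because the body treats `$host` as either a host name or a URL containing `://`, `@param string $host host name or LDAP URL` would tell the reader more. The bodies of these functions continue outside the visible hunks, so the declared return types were not checked against them.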


@ -27,7 +27,7 @@ class Helper {
/** /**
* @brief returns prefixes for each saved LDAP/AD server configuration. * @brief returns prefixes for each saved LDAP/AD server configuration.
* @param bool optional, whether only active configuration shall be * @param bool $activeConfigurations optional, whether only active configuration shall be
* retrieved, defaults to false * retrieved, defaults to false
* @return array with a list of the available prefixes * @return array with a list of the available prefixes
* *
@ -80,7 +80,7 @@ class Helper {
/** /**
* *
* @brief determines the host for every configured connection * @brief determines the host for every configured connection
* @return an array with configprefix as keys * @return array an array with configprefix as keys
* *
*/ */
static public function getServerConfigurationHosts() { static public function getServerConfigurationHosts() {
@ -107,7 +107,7 @@ class Helper {
/** /**
* @brief deletes a given saved LDAP/AD server configuration. * @brief deletes a given saved LDAP/AD server configuration.
* @param string the configuration prefix of the config to delete * @param string $prefix the configuration prefix of the config to delete
* @return bool true on success, false otherwise * @return bool true on success, false otherwise
*/ */
static public function deleteServerConfiguration($prefix) { static public function deleteServerConfiguration($prefix) {
@ -148,7 +148,7 @@ class Helper {
* Truncate's the given mapping table * Truncate's the given mapping table
* *
* @param string $mapping either 'user' or 'group' * @param string $mapping either 'user' or 'group'
* @return boolean true on success, false otherwise * @return bool true on success, false otherwise
*/ */
static public function clearMapping($mapping) { static public function clearMapping($mapping) {
if($mapping === 'user') { if($mapping === 'user') {
@ -177,8 +177,8 @@ class Helper {
/** /**
* @brief extractsthe domain from a given URL * @brief extractsthe domain from a given URL
* @param $url the URL * @param string $url the URL
* @return mixed, domain as string on success, false otherwise * @return string|false domain as string on success, false otherwise
*/ */
static public function getDomainFromURL($url) { static public function getDomainFromURL($url) {
$uinfo = parse_url($url); $uinfo = parse_url($url);
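Review bot: Two docblocks in this section still carry typos that this PHPDoc clean-up could fix in the same pass. `@brief extractsthe domain from a given URL` above `getDomainFromURL()` should read `@brief extracts the domain from a given URL`, and `Truncate's the given mapping table` above `clearMapping()` should read `Truncates the given mapping table`. The bodies of both methods continue outside the hunks.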


@ -30,9 +30,9 @@ interface ILDAPWrapper {
/** /**
* @brief Bind to LDAP directory * @brief Bind to LDAP directory
* @param resource $link LDAP link resource * @param resource $link LDAP link resource
* @param $dn an RDN to log in with * @param string $dn an RDN to log in with
* @param $password the password * @param string $password the password
* @return true on success, false otherwise * @return bool true on success, false otherwise
* *
* with $dn and $password as null a anonymous bind is attempted. * with $dn and $password as null a anonymous bind is attempted.
*/ */
@ -40,28 +40,28 @@ interface ILDAPWrapper {
/** /**
* @brief connect to an LDAP server * @brief connect to an LDAP server
* @param $host The host to connect to * @param string $host The host to connect to
* @param $port The port to connect to * @param string $port The port to connect to
* @return a link resource on success, otherwise false * @return mixed a link resource on success, otherwise false
*/ */
public function connect($host, $port); public function connect($host, $port);
/** /**
* @brief Send LDAP pagination control * @brief Send LDAP pagination control
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $pagesize number of results per page * @param int $pageSize number of results per page
* @param boolean $isCritical Indicates whether the pagination is critical of not. * @param bool $isCritical Indicates whether the pagination is critical of not.
* @param $cookie structure sent by LDAP server * @param array $cookie structure sent by LDAP server
* @return true on success, false otherwise * @return true on success, false otherwise
*/ */
public function controlPagedResult($link, $pagesize, $isCritical, $cookie); public function controlPagedResult($link, $pageSize, $isCritical, $cookie);
/** /**
* @brief Retrieve the LDAP pagination cookie * @brief Retrieve the LDAP pagination cookie
* @param $link LDAP link resource * @param $link LDAP link resource
* @param $result LDAP result resource * @param $result LDAP result resource
* @param $cookie structure sent by LDAP server * @param array $cookie structure sent by LDAP server
* @return boolean on success, false otherwise * @return bool true on success, false otherwise
* *
* Corresponds to ldap_control_paged_result_response * Corresponds to ldap_control_paged_result_response
*/ */
@ -69,101 +69,101 @@ interface ILDAPWrapper {
/** /**
* @brief Count the number of entries in a search * @brief Count the number of entries in a search
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $result LDAP result resource * @param resource $result LDAP result resource
* @return mixed, number of results on success, false otherwise * @return int|false number of results on success, false otherwise
*/ */
public function countEntries($link, $result); public function countEntries($link, $result);
/** /**
* @brief Return the LDAP error number of the last LDAP command * @brief Return the LDAP error number of the last LDAP command
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @return error message as string * @return string error message as string
*/ */
public function errno($link); public function errno($link);
/** /**
* @brief Return the LDAP error message of the last LDAP command * @brief Return the LDAP error message of the last LDAP command
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @return error code as integer * @return int error code as integer
*/ */
public function error($link); public function error($link);
/** /**
* @brief Return first result id * @brief Return first result id
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $result LDAP result resource * @param resource $result LDAP result resource
* @return an LDAP search result resource * @return Resource an LDAP search result resource
* */ * */
public function firstEntry($link, $result); public function firstEntry($link, $result);
/** /**
* @brief Get attributes from a search result entry * @brief Get attributes from a search result entry
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $result LDAP result resource * @param resource $result LDAP result resource
* @return array containing the results, false on error * @return array containing the results, false on error
* */ * */
public function getAttributes($link, $result); public function getAttributes($link, $result);
/** /**
* @brief Get the DN of a result entry * @brief Get the DN of a result entry
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $result LDAP result resource * @param resource $result LDAP result resource
* @return string containing the DN, false on error * @return string containing the DN, false on error
*/ */
public function getDN($link, $result); public function getDN($link, $result);
/** /**
* @brief Get all result entries * @brief Get all result entries
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $result LDAP result resource * @param resource $result LDAP result resource
* @return array containing the results, false on error * @return array containing the results, false on error
*/ */
public function getEntries($link, $result); public function getEntries($link, $result);
/** /**
* @brief Return next result id * @brief Return next result id
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param resource $result LDAP entry result resource * @param resource $result LDAP entry result resource
* @return an LDAP search result resource * @return resource an LDAP search result resource
* */ * */
public function nextEntry($link, $result); public function nextEntry($link, $result);
/** /**
* @brief Read an entry * @brief Read an entry
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $baseDN The DN of the entry to read from * @param array $baseDN The DN of the entry to read from
* @param $filter An LDAP filter * @param string $filter An LDAP filter
* @param $attr array of the attributes to read * @param array $attr array of the attributes to read
* @return an LDAP search result resource * @return resource an LDAP search result resource
*/ */
public function read($link, $baseDN, $filter, $attr); public function read($link, $baseDN, $filter, $attr);
/** /**
* @brief Search LDAP tree * @brief Search LDAP tree
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $baseDN The DN of the entry to read from * @param string $baseDN The DN of the entry to read from
* @param $filter An LDAP filter * @param string $filter An LDAP filter
* @param $attr array of the attributes to read * @param array $attr array of the attributes to read
* @param $attrsonly optional, 1 if only attribute types shall be returned * @param int $attrsOnly optional, 1 if only attribute types shall be returned
* @param $limit optional, limits the result entries * @param int $limit optional, limits the result entries
* @return an LDAP search result resource, false on error * @return resource|false an LDAP search result resource, false on error
*/ */
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0); public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0);
/** /**
* @brief Sets the value of the specified option to be $value * @brief Sets the value of the specified option to be $value
* @param $link LDAP link resource * @param resource $link LDAP link resource
* @param $option a defined LDAP Server option * @param string $option a defined LDAP Server option
* @param integer $value the new value for the option * @param int $value the new value for the option
* @return true on success, false otherwise * @return bool true on success, false otherwise
*/ */
public function setOption($link, $option, $value); public function setOption($link, $option, $value);
/** /**
* @brief establish Start TLS * @brief establish Start TLS
* @param $link LDAP link resource * @param resource|$link LDAP link resource
* @return true on success, false otherwise * @return bool true on success, false otherwise
*/ */
public function startTls($link); public function startTls($link);
@ -171,35 +171,35 @@ interface ILDAPWrapper {
* @brief Sort the result of a LDAP search * @brief Sort the result of a LDAP search
* @param $link LDAP link resource * @param $link LDAP link resource
* @param $result LDAP result resource * @param $result LDAP result resource
* @param $sortfilter attribute to use a key in sort * @param string $sortFilter attribute to use a key in sort
*/ */
public function sort($link, $result, $sortfilter); public function sort($link, $result, $sortFilter);
/** /**
* @brief Unbind from LDAP directory * @brief Unbind from LDAP directory
* @param resource $link LDAP link resource * @param resource $link LDAP link resource
* @return true on success, false otherwise * @return bool true on success, false otherwise
*/ */
public function unbind($link); public function unbind($link);
//additional required methods in owncloud //additional required methods in ownCloud
/** /**
* @brief Checks whether the server supports LDAP * @brief Checks whether the server supports LDAP
* @return boolean if it the case, false otherwise * @return bool true if it the case, false otherwise
* */ * */
public function areLDAPFunctionsAvailable(); public function areLDAPFunctionsAvailable();
/** /**
* @brief Checks whether PHP supports LDAP Paged Results * @brief Checks whether PHP supports LDAP Paged Results
* @return boolean if it the case, false otherwise * @return bool true if it the case, false otherwise
* */ * */
public function hasPagedResultSupport(); public function hasPagedResultSupport();
/** /**
* @brief Checks whether the submitted parameter is a resource * @brief Checks whether the submitted parameter is a resource
* @param $resource the resource variable to check * @param resource $resource the resource variable to check
* @return boolean if it is a resource, false otherwise * @return bool true if it is a resource, false otherwise
*/ */
public function isResource($resource); public function isResource($resource);
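Review bot: The return types added to `errno()` and `error()` are the wrong way round. The block for `errno()` (error number) now reads `@return string error message as string` and the block for `error()` (error message) reads `@return int error code as integer`; they should be `@return int error number` and `@return string error message`. This matters for any caller that branches on the error number after a failed bind or StartTLS, because static analysis will now steer it to the wrong comparison. The implementing class repeats the swap (`@return mixed|string` on `errno()`, `@return int|mixed` on `error()`). In the same section `@param resource|$link` on `startTls()` is malformed and should be `@param resource $link`, and `read()` documents `@param array $baseDN` where `search()` documents `string $baseDN`.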


@ -33,6 +33,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
$this->interval = self::getRefreshInterval(); $this->interval = self::getRefreshInterval();
} }
/**
* @param $argument
*/
public function run($argument){ public function run($argument){
Jobs::updateGroups(); Jobs::updateGroups();
} }
@ -57,11 +60,17 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Finished.', \OCP\Util::DEBUG); \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Finished.', \OCP\Util::DEBUG);
} }
/**
* @return int
*/
static private function getRefreshInterval() { static private function getRefreshInterval() {
//defaults to every hour //defaults to every hour
return \OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600); return \OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600);
} }
/**
* @param $groups
*/
static private function handleKnownGroups($groups) { static private function handleKnownGroups($groups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Dealing with known Groups.', \OCP\Util::DEBUG); \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Dealing with known Groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare(' $query = \OCP\DB::prepare('
@ -97,6 +106,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG); \OCP\Util::DEBUG);
} }
/**
* @param $createdGroups
*/
static private function handleCreatedGroups($createdGroups) { static private function handleCreatedGroups($createdGroups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with created Groups.', \OCP\Util::DEBUG); \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with created Groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare(' $query = \OCP\DB::prepare('
@ -116,6 +128,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG); \OCP\Util::DEBUG);
} }
/**
* @param $removedGroups
*/
static private function handleRemovedGroups($removedGroups) { static private function handleRemovedGroups($removedGroups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with removed groups.', \OCP\Util::DEBUG); \OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with removed groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare(' $query = \OCP\DB::prepare('
@ -134,6 +149,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG); \OCP\Util::DEBUG);
} }
/**
* @return \OCA\user_ldap\GROUP_LDAP|\OCA\user_ldap\Group_Proxy
*/
static private function getGroupBE() { static private function getGroupBE() {
if(!is_null(self::$groupBE)) { if(!is_null(self::$groupBE)) {
return self::$groupBE; return self::$groupBE;
@ -152,6 +170,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
return self::$groupBE; return self::$groupBE;
} }
/**
* @return array
*/
static private function getKnownGroups() { static private function getKnownGroups() {
if(is_array(self::$groupsFromDB)) { if(is_array(self::$groupsFromDB)) {
return self::$groupsFromDB; return self::$groupsFromDB;
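Review bot: `@return int` on `getRefreshInterval()` is probably not accurate, because the method returns `\OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600)` unchanged. A stored app value presumably comes back as a string, so only the default is an int. Either cast it, `return (int)\OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600);`, or document `@return int|string`. The other added blocks (`@param $argument`, `@param $groups`, `@param $createdGroups`, `@param $removedGroups`) carry neither type nor description; if these are lists of group ids, something like `@param string[] $groups list of group ids` would say more. The method bodies continue outside the hunks.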


@ -27,14 +27,31 @@ class LDAP implements ILDAPWrapper {
protected $curFunc = ''; protected $curFunc = '';
protected $curArgs = array(); protected $curArgs = array();
/**
* @param resource $link
* @param string $dn
* @param string $password
* @return bool|mixed
*/
public function bind($link, $dn, $password) { public function bind($link, $dn, $password) {
return $this->invokeLDAPMethod('bind', $link, $dn, $password); return $this->invokeLDAPMethod('bind', $link, $dn, $password);
} }
/**
* @param string $host
* @param string $port
* @return mixed
*/
public function connect($host, $port) { public function connect($host, $port) {
return $this->invokeLDAPMethod('connect', $host, $port); return $this->invokeLDAPMethod('connect', $host, $port);
} }
/**
* @param LDAP $link
* @param LDAP $result
* @param $cookie
* @return bool|LDAP
*/
public function controlPagedResultResponse($link, $result, &$cookie) { public function controlPagedResultResponse($link, $result, &$cookie) {
$this->preFunctionCall('ldap_control_paged_result_response', $this->preFunctionCall('ldap_control_paged_result_response',
array($link, $result, $cookie)); array($link, $result, $cookie));
@ -44,64 +61,144 @@ class LDAP implements ILDAPWrapper {
return $result; return $result;
} }
public function controlPagedResult($link, $pagesize, $isCritical, $cookie) { /**
return $this->invokeLDAPMethod('control_paged_result', $link, $pagesize, * @param LDAP $link
* @param int $pageSize
* @param bool $isCritical
* @param array $cookie
* @return mixed|true
*/
public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
$isCritical, $cookie); $isCritical, $cookie);
} }
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed
*/
public function countEntries($link, $result) { public function countEntries($link, $result) {
return $this->invokeLDAPMethod('count_entries', $link, $result); return $this->invokeLDAPMethod('count_entries', $link, $result);
} }
/**
* @param LDAP $link
* @return mixed|string
*/
public function errno($link) { public function errno($link) {
return $this->invokeLDAPMethod('errno', $link); return $this->invokeLDAPMethod('errno', $link);
} }
/**
* @param LDAP $link
* @return int|mixed
*/
public function error($link) { public function error($link) {
return $this->invokeLDAPMethod('error', $link); return $this->invokeLDAPMethod('error', $link);
} }
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed
*/
public function firstEntry($link, $result) { public function firstEntry($link, $result) {
return $this->invokeLDAPMethod('first_entry', $link, $result); return $this->invokeLDAPMethod('first_entry', $link, $result);
} }
/**
* @param LDAP $link
* @param LDAP $result
* @return array|mixed
*/
public function getAttributes($link, $result) { public function getAttributes($link, $result) {
return $this->invokeLDAPMethod('get_attributes', $link, $result); return $this->invokeLDAPMethod('get_attributes', $link, $result);
} }
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed|string
*/
public function getDN($link, $result) { public function getDN($link, $result) {
return $this->invokeLDAPMethod('get_dn', $link, $result); return $this->invokeLDAPMethod('get_dn', $link, $result);
} }
/**
* @param LDAP $link
* @param LDAP $result
* @return array|mixed
*/
public function getEntries($link, $result) { public function getEntries($link, $result) {
return $this->invokeLDAPMethod('get_entries', $link, $result); return $this->invokeLDAPMethod('get_entries', $link, $result);
} }
/**
* @param LDAP $link
* @param resource $result
* @return mixed|an
*/
public function nextEntry($link, $result) { public function nextEntry($link, $result) {
return $this->invokeLDAPMethod('next_entry', $link, $result); return $this->invokeLDAPMethod('next_entry', $link, $result);
} }
/**
* @param LDAP $link
* @param string $baseDN
* @param string $filter
* @param array $attr
* @return mixed
*/
public function read($link, $baseDN, $filter, $attr) { public function read($link, $baseDN, $filter, $attr) {
return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr); return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
} }
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0) { /**
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, * @param LDAP $link
$attr, $attrsonly, $limit); * @param string $baseDN
* @param string $filter
* @param array $attr
* @param int $attrsOnly
* @param int $limit
* @return mixed
*/
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
} }
/**
* @param LDAP $link
* @param string $option
* @param int $value
* @return bool|mixed
*/
public function setOption($link, $option, $value) { public function setOption($link, $option, $value) {
return $this->invokeLDAPMethod('set_option', $link, $option, $value); return $this->invokeLDAPMethod('set_option', $link, $option, $value);
} }
public function sort($link, $result, $sortfilter) { /**
return $this->invokeLDAPMethod('sort', $link, $result, $sortfilter); * @param LDAP $link
* @param LDAP $result
* @param string $sortFilter
* @return mixed
*/
public function sort($link, $result, $sortFilter) {
return $this->invokeLDAPMethod('sort', $link, $result, $sortFilter);
} }
/**
* @param LDAP $link
* @return mixed|true
*/
public function startTls($link) { public function startTls($link) {
return $this->invokeLDAPMethod('start_tls', $link); return $this->invokeLDAPMethod('start_tls', $link);
} }
/**
* @param resource $link
* @return bool|mixed
*/
public function unbind($link) { public function unbind($link) {
return $this->invokeLDAPMethod('unbind', $link); return $this->invokeLDAPMethod('unbind', $link);
} }
@ -126,13 +223,16 @@ class LDAP implements ILDAPWrapper {
/** /**
* @brief Checks whether the submitted parameter is a resource * @brief Checks whether the submitted parameter is a resource
* @param $resource the resource variable to check * @param Resource $resource the resource variable to check
* @return boolean if it is a resource, false otherwise * @return bool true if it is a resource, false otherwise
*/ */
public function isResource($resource) { public function isResource($resource) {
return is_resource($resource); return is_resource($resource);
} }
/**
* @return mixed
*/
private function invokeLDAPMethod() { private function invokeLDAPMethod() {
$arguments = func_get_args(); $arguments = func_get_args();
$func = 'ldap_' . array_shift($arguments); $func = 'ldap_' . array_shift($arguments);
@ -148,6 +248,7 @@ class LDAP implements ILDAPWrapper {
/** /**
* @param string $functionName * @param string $functionName
* @param $args
*/ */
private function preFunctionCall($functionName, $args) { private function preFunctionCall($functionName, $args) {
$this->curFunc = $functionName; $this->curFunc = $functionName;
@ -181,4 +282,4 @@ class LDAP implements ILDAPWrapper {
$this->curFunc = ''; $this->curFunc = '';
$this->curArgs = array(); $this->curArgs = array();
} }
} }
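Review bot: The added docblocks type the connection and result handles as the wrapper class itself, for example `@param LDAP $link` and `@param LDAP $result` on `controlPagedResult()`, `countEntries()`, `search()` and `startTls()`. The interface this class implements documents the same arguments as `resource`, and `bind()` and `unbind()` in this file already use `@param resource $link`. Use `@param resource $link` and `@param resource $result` throughout, so a static analyser does not accept a wrapper object where a handle is expected. `@return mixed|an` on `nextEntry()` is a leftover of the old sentence "an LDAP search result resource" and should be `@return resource`, as in the interface. `@param Resource $resource` on `isResource()` should be lower-case `resource`.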


@ -28,7 +28,7 @@ abstract class LDAPUtility {
/** /**
* @brief constructor, make sure the subclasses call this one! * @brief constructor, make sure the subclasses call this one!
* @param $ldapWrapper an instance of an ILDAPWrapper * @param ILDAPWrapper $ldapWrapper an instance of an ILDAPWrapper
*/ */
public function __construct(ILDAPWrapper $ldapWrapper) { public function __construct(ILDAPWrapper $ldapWrapper) {
$this->ldap = $ldapWrapper; $this->ldap = $ldapWrapper;


@ -29,16 +29,26 @@ abstract class Proxy {
static private $accesses = array(); static private $accesses = array();
private $ldap = null; private $ldap = null;
/**
* @param ILDAPWrapper $ldap
*/
public function __construct(ILDAPWrapper $ldap) { public function __construct(ILDAPWrapper $ldap) {
$this->ldap = $ldap; $this->ldap = $ldap;
$this->cache = \OC_Cache::getGlobalCache(); $this->cache = \OC_Cache::getGlobalCache();
} }
/**
* @param $configPrefix
*/
private function addAccess($configPrefix) { private function addAccess($configPrefix) {
$connector = new Connection($this->ldap, $configPrefix); $connector = new Connection($this->ldap, $configPrefix);
self::$accesses[$configPrefix] = new Access($connector, $this->ldap); self::$accesses[$configPrefix] = new Access($connector, $this->ldap);
} }
/**
* @param $configPrefix
* @return mixed
*/
protected function getAccess($configPrefix) { protected function getAccess($configPrefix) {
if(!isset(self::$accesses[$configPrefix])) { if(!isset(self::$accesses[$configPrefix])) {
$this->addAccess($configPrefix); $this->addAccess($configPrefix);
@ -46,30 +56,45 @@ abstract class Proxy {
return self::$accesses[$configPrefix]; return self::$accesses[$configPrefix];
} }
/**
* @param $uid
* @return string
*/
protected function getUserCacheKey($uid) { protected function getUserCacheKey($uid) {
return 'user-'.$uid.'-lastSeenOn'; return 'user-'.$uid.'-lastSeenOn';
} }
/**
* @param $gid
* @return string
*/
protected function getGroupCacheKey($gid) { protected function getGroupCacheKey($gid) {
return 'group-'.$gid.'-lastSeenOn'; return 'group-'.$gid.'-lastSeenOn';
} }
/** /**
* @param boolean $passOnWhen * @param $id
* @param string $method * @param $method
* @param $parameters
* @param bool $passOnWhen
* @return mixed
*/ */
abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen); abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
/** /**
* @param string $method * @param $id
* @param $method
* @param $parameters
* @return mixed
*/ */
abstract protected function walkBackends($id, $method, $parameters); abstract protected function walkBackends($id, $method, $parameters);
/** /**
* @brief Takes care of the request to the User backend * @brief Takes care of the request to the User backend
* @param $uid string, the uid connected to the request * @param $id
* @param string $method string, the method of the user backend that shall be called * @param string $method string, the method of the user backend that shall be called
* @param $parameters an array of parameters to be passed * @param array $parameters an array of parameters to be passed
* @param bool $passOnWhen
* @return mixed, the result of the specified method * @return mixed, the result of the specified method
*/ */
protected function handleRequest($id, $method, $parameters, $passOnWhen = false) { protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
@ -81,7 +106,8 @@ abstract class Proxy {
} }
/** /**
* @param string|null $key * @param $key
* @return string
*/ */
private function getCacheKey($key) { private function getCacheKey($key) {
$prefix = 'LDAP-Proxy-'; $prefix = 'LDAP-Proxy-';
@ -92,7 +118,8 @@ abstract class Proxy {
} }
/** /**
* @param string $key * @param $key
* @return mixed|null
*/ */
public function getFromCache($key) { public function getFromCache($key) {
if(!$this->isCached($key)) { if(!$this->isCached($key)) {
@ -104,7 +131,8 @@ abstract class Proxy {
} }
/** /**
* @param string $key * @param $key
* @return bool
*/ */
public function isCached($key) { public function isCached($key) {
$key = $this->getCacheKey($key); $key = $this->getCacheKey($key);
@ -112,7 +140,8 @@ abstract class Proxy {
} }
/** /**
* @param string $key * @param $key
* @param $value
*/ */
public function writeToCache($key, $value) { public function writeToCache($key, $value) {
$key = $this->getCacheKey($key); $key = $this->getCacheKey($key);
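Review bot: Several docblocks in this section lose type information that the old comments had. `@param string|null $key` on `getCacheKey()` and `@param string $key` on `getFromCache()`, `isCached()` and `writeToCache()` become a bare `@param $key`, and `@param string $method` on `callOnLastSeenOn()` and `walkBackends()` becomes `@param $method`. Keep the old types and add the new tags beside them, e.g. `@param string|null $key` followed by `@return string`. `getAccess()` can be `@return Access` instead of `mixed`, since `addAccess()` only ever stores `new Access($connector, $this->ldap)` under that key. The `handleRequest()` block also drops the description of the id ("the uid connected to the request") and leaves `@return mixed, the result of the specified method` with a stray comma.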


@ -45,8 +45,8 @@ class Wizard extends LDAPUtility {
/** /**
* @brief Constructor * @brief Constructor
* @param $configuration an instance of Configuration * @param Configuration $configuration an instance of Configuration
* @param $ldap an instance of ILDAPWrapper * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
*/ */
public function __construct(Configuration $configuration, ILDAPWrapper $ldap) { public function __construct(Configuration $configuration, ILDAPWrapper $ldap) {
parent::__construct($ldap); parent::__construct($ldap);
@ -63,6 +63,10 @@ class Wizard extends LDAPUtility {
} }
} }
/**
* @return WizardResult
* @throws \Exception
*/
public function countGroups() { public function countGroups() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -96,6 +100,10 @@ class Wizard extends LDAPUtility {
return $this->result; return $this->result;
} }
/**
* @return WizardResult
* @throws \Exception
*/
public function countUsers() { public function countUsers() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -125,7 +133,10 @@ class Wizard extends LDAPUtility {
return $this->result; return $this->result;
} }
/**
* @return WizardResult
* @throws \Exception
*/
public function determineAttributes() { public function determineAttributes() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -152,6 +163,7 @@ class Wizard extends LDAPUtility {
/** /**
* @brief return the state of the Group Filter Mode * @brief return the state of the Group Filter Mode
* @return WizardResult
*/ */
public function getGroupFilterMode() { public function getGroupFilterMode() {
$this->getFilterMode('ldapGroupFilterMode'); $this->getFilterMode('ldapGroupFilterMode');
@ -160,6 +172,7 @@ class Wizard extends LDAPUtility {
/** /**
* @brief return the state of the Login Filter Mode * @brief return the state of the Login Filter Mode
* @return WizardResult
*/ */
public function getLoginFilterMode() { public function getLoginFilterMode() {
$this->getFilterMode('ldapLoginFilterMode'); $this->getFilterMode('ldapLoginFilterMode');
@ -168,6 +181,7 @@ class Wizard extends LDAPUtility {
/** /**
* @brief return the state of the User Filter Mode * @brief return the state of the User Filter Mode
* @return WizardResult
*/ */
public function getUserFilterMode() { public function getUserFilterMode() {
$this->getFilterMode('ldapUserFilterMode'); $this->getFilterMode('ldapUserFilterMode');
@ -176,19 +190,20 @@ class Wizard extends LDAPUtility {
/** /**
* @brief return the state of the mode of the specified filter * @brief return the state of the mode of the specified filter
* @param string $confkey string, contains the access key of the Configuration * @param string $confKey contains the access key of the Configuration
*/ */
private function getFilterMode($confkey) { private function getFilterMode($confKey) {
$mode = $this->configuration->$confkey; $mode = $this->configuration->$confKey;
if(is_null($mode)) { if(is_null($mode)) {
$mode = $this->LFILTER_MODE_ASSISTED; $mode = $this->LFILTER_MODE_ASSISTED;
} }
$this->result->addChange($confkey, $mode); $this->result->addChange($confKey, $mode);
} }
/** /**
* @brief detects the available LDAP attributes * @brief detects the available LDAP attributes
* @returns the instance's WizardResult instance * @return array The instance's WizardResult instance
* @throws \Exception
*/ */
private function getUserAttributes() { private function getUserAttributes() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
@ -221,7 +236,7 @@ class Wizard extends LDAPUtility {
/** /**
* @brief detects the available LDAP groups * @brief detects the available LDAP groups
* @returns the instance's WizardResult instance * @returns WizardResult the instance's WizardResult instance
*/ */
public function determineGroupsForGroups() { public function determineGroupsForGroups() {
return $this->determineGroups('ldap_groupfilter_groups', return $this->determineGroups('ldap_groupfilter_groups',
@ -231,7 +246,7 @@ class Wizard extends LDAPUtility {
/** /**
* @brief detects the available LDAP groups * @brief detects the available LDAP groups
* @returns the instance's WizardResult instance * @returns WizardResult the instance's WizardResult instance
*/ */
public function determineGroupsForUsers() { public function determineGroupsForUsers() {
return $this->determineGroups('ldap_userfilter_groups', return $this->determineGroups('ldap_userfilter_groups',
@ -240,11 +255,13 @@ class Wizard extends LDAPUtility {
/** /**
* @brief detects the available LDAP groups * @brief detects the available LDAP groups
* @param string $dbkey * @param string $dbKey
* @param string $confkey * @param string $confKey
* @returns the instance's WizardResult instance * @param bool $testMemberOf
* @return WizardResult the instance's WizardResult instance
* @throws \Exception
*/ */
private function determineGroups($dbkey, $confkey, $testMemberOf = true) { private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapBase', 'ldapBase',
@ -256,8 +273,8 @@ class Wizard extends LDAPUtility {
throw new \Exception('Could not connect to LDAP'); throw new \Exception('Could not connect to LDAP');
} }
$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', '*'); $obClasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
$this->determineFeature($obclasses, 'cn', $dbkey, $confkey); $this->determineFeature($obClasses, 'cn', $dbKey, $confKey);
if($testMemberOf) { if($testMemberOf) {
$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf(); $this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
@ -270,6 +287,10 @@ class Wizard extends LDAPUtility {
return $this->result; return $this->result;
} }
/**
* @return bool|WizardResult
* @throws \Exception
*/
public function determineGroupMemberAssoc() { public function determineGroupMemberAssoc() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -289,8 +310,9 @@ class Wizard extends LDAPUtility {
} }
/** /**
* @brief detects the available object classes * @brief Detects the available object classes
* @returns the instance's WizardResult instance * @return WizardResult the instance's WizardResult instance
* @throws \Exception
*/ */
public function determineGroupObjectClasses() { public function determineGroupObjectClasses() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
@ -316,7 +338,8 @@ class Wizard extends LDAPUtility {
/** /**
* @brief detects the available object classes * @brief detects the available object classes
* @returns the instance's WizardResult instance * @return WizardResult
* @throws \Exception
*/ */
public function determineUserObjectClasses() { public function determineUserObjectClasses() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
@ -344,6 +367,10 @@ class Wizard extends LDAPUtility {
return $this->result; return $this->result;
} }
/**
* @return WizardResult
* @throws \Exception
*/
public function getGroupFilter() { public function getGroupFilter() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -364,6 +391,10 @@ class Wizard extends LDAPUtility {
return $this->result; return $this->result;
} }
/**
* @return WizardResult
* @throws \Exception
*/
public function getUserListFilter() { public function getUserListFilter() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -386,6 +417,10 @@ class Wizard extends LDAPUtility {
return $this->result; return $this->result;
} }
/**
* @return bool|WizardResult
* @throws \Exception
*/
public function getUserLoginFilter() { public function getUserLoginFilter() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
@ -406,7 +441,8 @@ class Wizard extends LDAPUtility {
/** /**
* Tries to determine the port, requires given Host, User DN and Password * Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise * @returns WizardResult|false WizardResult on success, false otherwise
* @throws \Exception
*/ */
public function guessPortAndTLS() { public function guessPortAndTLS() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
@ -486,8 +522,7 @@ class Wizard extends LDAPUtility {
* @brief sets the found value for the configuration key in the WizardResult * @brief sets the found value for the configuration key in the WizardResult
* as well as in the Configuration instance * as well as in the Configuration instance
* @param string $key the configuration key * @param string $key the configuration key
* @param $value the (detected) value * @param string $value the (detected) value
* @return null
* *
*/ */
private function applyFind($key, $value) { private function applyFind($key, $value) {
@ -516,7 +551,8 @@ class Wizard extends LDAPUtility {
/** /**
* @brief tries to detect the group member association attribute which is * @brief tries to detect the group member association attribute which is
* one of 'uniqueMember', 'memberUid', 'member' * one of 'uniqueMember', 'memberUid', 'member'
* @return mixed, string with the attribute name, false on error * @return string|false, string with the attribute name, false on error
* @throws \Exception
*/ */
private function detectGroupMemberAssoc() { private function detectGroupMemberAssoc() {
$possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa'); $possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa');
@ -535,7 +571,7 @@ class Wizard extends LDAPUtility {
} }
$er = $this->ldap->firstEntry($cr, $rr); $er = $this->ldap->firstEntry($cr, $rr);
while(is_resource($er)) { while(is_resource($er)) {
$dn = $this->ldap->getDN($cr, $er); $this->ldap->getDN($cr, $er);
$attrs = $this->ldap->getAttributes($cr, $er); $attrs = $this->ldap->getAttributes($cr, $er);
$result = array(); $result = array();
for($i = 0; $i < count($possibleAttrs); $i++) { for($i = 0; $i < count($possibleAttrs); $i++) {
@ -558,6 +594,7 @@ class Wizard extends LDAPUtility {
* @brief Checks whether for a given BaseDN results will be returned * @brief Checks whether for a given BaseDN results will be returned
* @param string $base the BaseDN to test * @param string $base the BaseDN to test
* @return bool true on success, false otherwise * @return bool true on success, false otherwise
* @throws \Exception
*/ */
private function testBaseDN($base) { private function testBaseDN($base) {
$cr = $this->getConnection(); $cr = $this->getConnection();
@ -583,7 +620,8 @@ class Wizard extends LDAPUtility {
* @brief Checks whether the server supports memberOf in LDAP Filter. * @brief Checks whether the server supports memberOf in LDAP Filter.
* Requires that groups are determined, thus internally called from within * Requires that groups are determined, thus internally called from within
* determineGroups() * determineGroups()
* @return bool, true if it does, false otherwise * @return bool true if it does, false otherwise
* @throws \Exception
*/ */
private function testMemberOf() { private function testMemberOf() {
$cr = $this->getConnection(); $cr = $this->getConnection();
@ -624,7 +662,8 @@ class Wizard extends LDAPUtility {
* @param integer $filterType int, for which use case the filter shall be created * @param integer $filterType int, for which use case the filter shall be created
* can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
* self::LFILTER_GROUP_LIST * self::LFILTER_GROUP_LIST
* @return mixed, string with the filter on success, false otherwise * @return string|false string with the filter on success, false otherwise
* @throws \Exception
*/ */
private function composeLdapFilter($filterType) { private function composeLdapFilter($filterType) {
$filter = ''; $filter = '';
@ -765,9 +804,11 @@ class Wizard extends LDAPUtility {
/** /**
* Connects and Binds to an LDAP Server * Connects and Binds to an LDAP Server
* @param $port the port to connect with * @param int $port the port to connect with
* @param $tls whether startTLS is to be used * @param bool $tls whether startTLS is to be used
* @return * @param bool $ncc
* @return bool
* @throws \Exception
*/ */
private function connectAndBind($port = 389, $tls = false, $ncc = false) { private function connectAndBind($port = 389, $tls = false, $ncc = false) {
if($ncc) { if($ncc) {
@ -819,17 +860,17 @@ class Wizard extends LDAPUtility {
if($ncc) { if($ncc) {
throw new \Exception('Certificate cannot be validated.'); throw new \Exception('Certificate cannot be validated.');
} }
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successfull to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG); \OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
return true; return true;
} }
$errno = $this->ldap->errno($cr); $errNo = $this->ldap->errno($cr);
$error = ldap_error($cr); $error = ldap_error($cr);
$this->ldap->unbind($cr); $this->ldap->unbind($cr);
if($errno === -1 || ($errno === 2 && $ncc)) { if($errNo === -1 || ($errNo === 2 && $ncc)) {
//host, port or TLS wrong //host, port or TLS wrong
return false; return false;
} else if ($errno === 2) { } else if ($errNo === 2) {
return $this->connectAndBind($port, $tls, true); return $this->connectAndBind($port, $tls, true);
} }
throw new \Exception($error); throw new \Exception($error);
@ -838,8 +879,7 @@ class Wizard extends LDAPUtility {
/** /**
* @brief checks whether a valid combination of agent and password has been * @brief checks whether a valid combination of agent and password has been
* provided (either two values or nothing for anonymous connect) * provided (either two values or nothing for anonymous connect)
* @return boolean, true if everything is fine, false otherwise * @return bool, true if everything is fine, false otherwise
*
*/ */
private function checkAgentRequirements() { private function checkAgentRequirements() {
$agent = $this->configuration->ldapAgentName; $agent = $this->configuration->ldapAgentName;
@ -850,7 +890,8 @@ class Wizard extends LDAPUtility {
} }
/** /**
* @param string[] $reqs * @param array $reqs
* @return bool
*/ */
private function checkRequirements($reqs) { private function checkRequirements($reqs) {
$this->checkAgentRequirements(); $this->checkAgentRequirements();
@ -874,8 +915,7 @@ class Wizard extends LDAPUtility {
* The lower, the faster * The lower, the faster
* @param string $maxF string. if not null, this variable will have the filter that * @param string $maxF string. if not null, this variable will have the filter that
* yields most result entries * yields most result entries
* @return mixed, an array with the values on success, false otherwise * @return array|false an array with the values on success, false otherwise
*
*/ */
public function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, $dnReadLimit = 3, &$maxF = null) { public function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, $dnReadLimit = 3, &$maxF = null) {
$dnRead = array(); $dnRead = array();
@ -949,7 +989,8 @@ class Wizard extends LDAPUtility {
* Configuration class * Configuration class
* @param $po boolean, whether the objectClass with most result entries * @param $po boolean, whether the objectClass with most result entries
* shall be pre-selected via the result * shall be pre-selected via the result
* @returns array, list of found items. * @return array, list of found items.
* @throws \Exception
*/ */
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) { private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
$cr = $this->getConnection(); $cr = $this->getConnection();
@ -1013,7 +1054,7 @@ class Wizard extends LDAPUtility {
return self::LRESULT_PROCESSED_INVALID; return self::LRESULT_PROCESSED_INVALID;
} }
//strtolower on all keys for proper comparison // strtolower on all keys for proper comparison
$result = \OCP\Util::mb_array_change_key_case($result); $result = \OCP\Util::mb_array_change_key_case($result);
$attribute = strtolower($attribute); $attribute = strtolower($attribute);
if(isset($result[$attribute])) { if(isset($result[$attribute])) {
@ -1031,6 +1072,9 @@ class Wizard extends LDAPUtility {
} }
} }
/**
* @return bool|mixed
*/
private function getConnection() { private function getConnection() {
if(!is_null($this->cr)) { if(!is_null($this->cr)) {
return $this->cr; return $this->cr;
@ -1057,6 +1101,9 @@ class Wizard extends LDAPUtility {
return false; return false;
} }
/**
* @return array
*/
private function getDefaultLdapPortSettings() { private function getDefaultLdapPortSettings() {
static $settings = array( static $settings = array(
array('port' => 7636, 'tls' => false), array('port' => 7636, 'tls' => false),
@ -1069,6 +1116,9 @@ class Wizard extends LDAPUtility {
return $settings; return $settings;
} }
/**
* @return array
*/
private function getPortSettingsToTry() { private function getPortSettingsToTry() {
//389 ← LDAP / Unencrypted or StartTLS //389 ← LDAP / Unencrypted or StartTLS
//636 ← LDAPS / SSL //636 ← LDAPS / SSL


@ -28,10 +28,17 @@ class WizardResult {
protected $options = array(); protected $options = array();
protected $markedChange = false; protected $markedChange = false;
/**
* @param $key
* @param $value
*/
public function addChange($key, $value) { public function addChange($key, $value) {
$this->changes[$key] = $value; $this->changes[$key] = $value;
} }
/**
*
*/
public function markChange() { public function markChange() {
$this->markedChange = true; $this->markedChange = true;
} }
@ -47,10 +54,16 @@ class WizardResult {
$this->options[$key] = $values; $this->options[$key] = $values;
} }
/**
* @return bool
*/
public function hasChanges() { public function hasChanges() {
return (count($this->changes) > 0 || $this->markedChange); return (count($this->changes) > 0 || $this->markedChange);
} }
/**
* @return array
*/
public function getResultArray() { public function getResultArray() {
$result = array(); $result = array();
$result['changes'] = $this->changes; $result['changes'] = $this->changes;