sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use proper PHPDoc and variable names in the LDAP lib 

My IDE was so sad about this that it marked the whole file in red and yellow and forced me to fix this.
remotes/origin/ldap_group_count
Lukas Reschke 2014-05-11 15:17:27 +07:00
parent b6d76e9985
commit fc8be5abc3
12 changed files with 683 additions and 378 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

435
apps/user_ldap/lib/access.php
Unescape Escape View File

@ -23,6 +23,10 @@
namespace OCA\user_ldap\lib;
/**
* Class Access
* @package OCA\user_ldap\lib
*/
class Access extends LDAPUtility {
public $connection;
//never ever check this var directly, always use getPagedSearchResultState
@ -30,24 +34,30 @@ class Access extends LDAPUtility {
protected $cookies = array();
/**
* @param Connection $connection
* @param ILDAPWrapper $ldap
*/
public function __construct(Connection $connection, ILDAPWrapper $ldap) {
parent::__construct($ldap);
$this->connection = $connection;
}
/**
* @return bool
*/
private function checkConnection() {
return ($this->connection instanceof Connection);
}
/**
* @brief reads a given attribute for an LDAP record identified by a DN
* @param $dn the record in question
* @param $attr the attribute that shall be retrieved
* @param string $dn the record in question
* @param string $attr the attribute that shall be retrieved
* if empty, just check the record's existence
* @returns an array of values on success or an empty
* @param string $filter
* @return array|false an array of values on success or an empty
* array if $attr is empty, false otherwise
*
* Reads an attribute from an LDAP entry or check if entry exists
*/
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
if(!$this->checkConnection()) {
@ -105,7 +115,7 @@ class Access extends LDAPUtility {
}
/**
* @brief checks wether the given attribute`s valua is probably a DN
* @brief checks whether the given attributes value is probably a DN
* @param string $attr the attribute in question
* @return boolean if so true, otherwise false
*/
@ -120,8 +130,8 @@ class Access extends LDAPUtility {
/**
* @brief sanitizes a DN received from the LDAP server
* @param $dn the DN in question
* @return the sanitized DN
* @param array $dn the DN in question
* @return array the sanitized DN
*/
private function sanitizeDN($dn) {
//treating multiple base DNs
@ -163,7 +173,8 @@ class Access extends LDAPUtility {
/**
* gives back the database table for the query
* @param boolean $isUser
* @param bool $isUser
* @return string
*/
private function getMapTable($isUser) {
if($isUser) {
@ -176,9 +187,7 @@ class Access extends LDAPUtility {
/**
* @brief returns the LDAP DN for the given internal ownCloud name of the group
* @param string $name the ownCloud name in question
* @returns string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the group
* @return string with the LDAP DN on success, otherwise false
*/
public function groupname2dn($name) {
$dn = $this->ocname2dn($name, false);
@ -192,10 +201,8 @@ class Access extends LDAPUtility {
/**
* @brief returns the LDAP DN for the given internal ownCloud name of the user
* @param $name the ownCloud name in question
* @returns string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the user
* @param string $name the ownCloud name in question
* @return string with the LDAP DN on success, otherwise false
*/
public function username2dn($name) {
$dn = $this->ocname2dn($name, true);
@ -210,11 +217,9 @@ class Access extends LDAPUtility {
/**
* @brief returns the LDAP DN for the given internal ownCloud name
* @param $name the ownCloud name in question
* @param string $name the ownCloud name in question
* @param boolean $isUser is it a user? otherwise group
* @returns string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name
* @return string with the LDAP DN on success, otherwise false
*/
private function ocname2dn($name, $isUser) {
$table = $this->getMapTable($isUser);
@ -230,15 +235,12 @@ class Access extends LDAPUtility {
}
/**
* @brief returns the internal ownCloud name for the given LDAP DN of the group
* @param $dn the dn of the group object
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the
* group, false on DN outside of search DN or failure
* @brief returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
* @param string $dn the dn of the group object
* @param string $ldapName optional, the display name of the object
* @return string with the name to use in ownCloud, false on DN outside of search DN
*/
public function dn2groupname($dn, $ldapname = null) {
public function dn2groupname($dn, $ldapName = null) {
//To avoid bypassing the base DN settings under certain circumstances
//with the group support, check whether the provided DN matches one of
//the given Bases
@ -246,18 +248,16 @@ class Access extends LDAPUtility {
return false;
}
return $this->dn2ocname($dn, $ldapname, false);
return $this->dn2ocname($dn, $ldapName, false);
}
/**
* @brief returns the internal ownCloud name for the given LDAP DN of the user
* @param $dn the dn of the user object
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
* @brief returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
* @param string $dn the dn of the user object
* @param string $ldapName optional, the display name of the object
* @return string with with the name to use in ownCloud
*/
public function dn2username($dn, $ldapname = null) {
public function dn2username($dn, $ldapName = null) {
//To avoid bypassing the base DN settings under certain circumstances
//with the group support, check whether the provided DN matches one of
//the given Bases
@ -265,19 +265,17 @@ class Access extends LDAPUtility {
return false;
}
return $this->dn2ocname($dn, $ldapname, true);
return $this->dn2ocname($dn, $ldapName, true);
}
/**
* @brief returns an internal ownCloud name for the given LDAP DN
* @param $dn the dn of the user object
* @param $ldapname optional, the display name of the object
* @param $isUser optional, wether it is a user object (otherwise group assumed)
* @returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
* @brief returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
* @param string $dn the dn of the user object
* @param string $ldapName optional, the display name of the object
* @param bool $isUser optional, whether it is a user object (otherwise group assumed)
* @return string with with the name to use in ownCloud
*/
public function dn2ocname($dn, $ldapname = null, $isUser = true) {
public function dn2ocname($dn, $ldapName = null, $isUser = true) {
$table = $this->getMapTable($isUser);
if($isUser) {
$fncFindMappedName = 'findMappedUser';
@ -288,9 +286,9 @@ class Access extends LDAPUtility {
}
//let's try to retrieve the ownCloud name from the mappings table
$ocname = $this->$fncFindMappedName($dn);
if($ocname) {
return $ocname;
$ocName = $this->$fncFindMappedName($dn);
if($ocName) {
return $ocName;
}
//second try: get the UUID and check if it is known. Then, update the DN and return the name.
@ -317,13 +315,13 @@ class Access extends LDAPUtility {
return false;
}
if(is_null($ldapname)) {
$ldapname = $this->readAttribute($dn, $nameAttribute);
if(!isset($ldapname[0]) && empty($ldapname[0])) {
if(is_null($ldapName)) {
$ldapName = $this->readAttribute($dn, $nameAttribute);
if(!isset($ldapName[0]) && empty($ldapName[0])) {
\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', \OCP\Util::INFO);
return false;
}
$ldapname = $ldapname[0];
$ldapName = $ldapName[0];
}
if($isUser) {
@ -334,27 +332,27 @@ class Access extends LDAPUtility {
} else {
$username = $uuid;
}
$intname = $this->sanitizeUsername($username);
$intName = $this->sanitizeUsername($username);
} else {
$intname = $ldapname;
$intName = $ldapName;
}
//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
$originalTTL = $this->connection->ldapCacheTTL;
$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
if(($isUser && !\OCP\User::userExists($intname))
|| (!$isUser && !\OC_Group::groupExists($intname))) {
if($this->mapComponent($dn, $intname, $isUser)) {
if(($isUser && !\OCP\User::userExists($intName))
|| (!$isUser && !\OC_Group::groupExists($intName))) {
if($this->mapComponent($dn, $intName, $isUser)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
return $intname;
return $intName;
}
}
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
$altname = $this->createAltInternalOwnCloudName($intname, $isUser);
if($this->mapComponent($dn, $altname, $isUser)) {
return $altname;
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if($this->mapComponent($dn, $altName, $isUser)) {
return $altName;
}
//if everything else did not help..
@ -364,8 +362,8 @@ class Access extends LDAPUtility {
/**
* @brief gives back the user names as they are used ownClod internally
* @param $ldapGroups an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
* @returns an array with the user names to use in ownCloud
* @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
* @return array an array with the user names to use in ownCloud
*
* gives back the user names as they are used ownClod internally
*/
@ -375,8 +373,8 @@ class Access extends LDAPUtility {
/**
* @brief gives back the group names as they are used ownClod internally
* @param $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
* @returns an array with the group names to use in ownCloud
* @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
* @return array an array with the group names to use in ownCloud
*
* gives back the group names as they are used ownClod internally
*/
@ -384,6 +382,10 @@ class Access extends LDAPUtility {
return $this->ldap2ownCloudNames($ldapGroups, false);
}
/**
* @param $dn
* @return bool|string
*/
private function findMappedUser($dn) {
static $query = null;
if(is_null($query)) {
@ -400,6 +402,10 @@ class Access extends LDAPUtility {
return false;
}
/**
* @param $dn
* @return bool|string
*/
private function findMappedGroup($dn) {
static $query = null;
if(is_null($query)) {
@ -416,9 +422,10 @@ class Access extends LDAPUtility {
return false;
}
/**
* @param boolean $isUsers
* @param $ldapObjects
* @param bool $isUsers
* @return array
*/
private function ldap2ownCloudNames($ldapObjects, $isUsers) {
if($isUsers) {
@ -430,13 +437,13 @@ class Access extends LDAPUtility {
foreach($ldapObjects as $ldapObject) {
$nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
$ocname = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
if($ocname) {
$ownCloudNames[] = $ocname;
$ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
if($ocName) {
$ownCloudNames[] = $ocName;
if($isUsers) {
//cache the user names so it does not need to be retrieved
//again later (e.g. sharing dialogue).
$this->cacheUserDisplayName($ocname, $nameByLDAP);
$this->cacheUserDisplayName($ocName, $nameByLDAP);
}
}
continue;
@ -446,18 +453,18 @@ class Access extends LDAPUtility {
/**
* @brief caches the user display name
* @param string the internal owncloud username
* @param string the display name
* @param string $ocName the internal ownCloud username
* @param string $displayName the display name
*/
public function cacheUserDisplayName($ocname, $displayName) {
public function cacheUserDisplayName($ocName, $displayName) {
$cacheKeyTrunk = 'getDisplayName';
$this->connection->writeToCache($cacheKeyTrunk.$ocname, $displayName);
$this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
}
/**
* @brief creates a unique name for internal ownCloud use for users. Don't call it directly.
* @param $name the display name of the object
* @returns string with with the name to use in ownCloud or false if unsuccessful
* @param string $name the display name of the object
* @return string with with the name to use in ownCloud or false if unsuccessful
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, true)
@ -478,8 +485,8 @@ class Access extends LDAPUtility {
/**
* @brief creates a unique name for internal ownCloud use for groups. Don't call it directly.
* @param $name the display name of the object
* @returns string with with the name to use in ownCloud or false if unsuccessful.
* @param string $name the display name of the object
* @return string with with the name to use in ownCloud or false if unsuccessful.
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, false)
@ -504,17 +511,17 @@ class Access extends LDAPUtility {
$lastNo = 1; //will become name_2
} else {
natsort($usedNames);
$lastname = array_pop($usedNames);
$lastNo = intval(substr($lastname, strrpos($lastname, '_') + 1));
$lastName = array_pop($usedNames);
$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
}
$altName = $name.'_'.strval($lastNo+1);
unset($usedNames);
$attempts = 1;
while($attempts < 21){
//Pro forma check to be really sure it is unique
//while loop is just a precaution. If a name is not generated within
//20 attempts, something else is very wrong. Avoids infinite loop.
// Check to be really sure it is unique
// while loop is just a precaution. If a name is not generated within
// 20 attempts, something else is very wrong. Avoids infinite loop.
if(!\OC_Group::groupExists($altName)) {
return $altName;
}
@ -526,9 +533,9 @@ class Access extends LDAPUtility {
/**
* @brief creates a unique name for internal ownCloud use.
* @param $name the display name of the object
* @param string $name the display name of the object
* @param boolean $isUser whether name should be created for a user (true) or a group (false)
* @returns string with with the name to use in ownCloud or false if unsuccessful
* @return string with with the name to use in ownCloud or false if unsuccessful
*/
private function createAltInternalOwnCloudName($name, $isUser) {
$originalTTL = $this->connection->ldapCacheTTL;
@ -545,7 +552,7 @@ class Access extends LDAPUtility {
/**
* @brief retrieves all known groups from the mappings table
* @returns array with the results
* @return array with the results
*
* retrieves all known groups from the mappings table
*/
@ -555,7 +562,7 @@ class Access extends LDAPUtility {
/**
* @brief retrieves all known users from the mappings table
* @returns array with the results
* @return array with the results
*
* retrieves all known users from the mappings table
*/
@ -579,19 +586,19 @@ class Access extends LDAPUtility {
/**
* @brief inserts a new user or group into the mappings table
* @param $dn the record in question
* @param $ocname the name to use in ownCloud
* @param $isUser is it a user or a group?
* @returns true on success, false otherwise
* @param string $dn the record in question
* @param string $ocName the name to use in ownCloud
* @param bool $isUser is it a user or a group?
* @return bool true on success, false otherwise
*
* inserts a new user or group into the mappings table
*/
private function mapComponent($dn, $ocname, $isUser = true) {
private function mapComponent($dn, $ocName, $isUser = true) {
$table = $this->getMapTable($isUser);
$sqlAdjustment = '';
$dbtype = \OCP\Config::getSystemValue('dbtype');
if($dbtype === 'mysql') {
$dbType = \OCP\Config::getSystemValue('dbtype');
if($dbType === 'mysql') {
$sqlAdjustment = 'FROM DUAL';
}
@ -607,9 +614,9 @@ class Access extends LDAPUtility {
');
//feed the DB
$insRows = $insert->execute(array($dn, $ocname,
$insRows = $insert->execute(array($dn, $ocName,
$this->getUUID($dn, $isUser), $dn,
$ocname));
$ocName));
if(\OCP\DB::isError($insRows)) {
return false;
@ -623,24 +630,31 @@ class Access extends LDAPUtility {
}
/**
* @param integer $limit
* @param integer $offset
* @param $filter
* @param $attr
* @param int $limit
* @param int $offset
* @return array
*/
public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) {
return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1));
}
/**
* @param string $filter
* @param integer $limit
* @param integer $offset
* @param $filter
* @param $attr
* @param int $limit
* @param int $offset
* @return array
*/
public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1));
}
/**
* @param boolean $manyAttributes
* @param $list
* @param bool $manyAttributes
* @return array
*/
private function fetchList($list, $manyAttributes) {
if(is_array($list)) {
@ -657,11 +671,11 @@ class Access extends LDAPUtility {
/**
* @brief executes an LDAP search, optimized for Users
* @param $filter the LDAP filter for the search
* @param $attr optional, when a certain attribute shall be filtered out
* @param string $filter the LDAP filter for the search
* @param string $attr optional, when a certain attribute shall be filtered out
* @param integer $limit
* @param integer $offset
* @returns array with the search result
* @return array with the search result
*
* Executes an LDAP search
*/
@ -671,6 +685,10 @@ class Access extends LDAPUtility {
/**
* @param string $filter
* @param array $attr
* @param int $limit
* @param int $offset
* @return false|int
*/
public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
@ -679,10 +697,10 @@ class Access extends LDAPUtility {
/**
* @brief executes an LDAP search, optimized for Groups
* @param string $filter the LDAP filter for the search
* @param $attr optional, when a certain attribute shall be filtered out
* @param string $attr optional, when a certain attribute shall be filtered out
* @param integer $limit
* @param integer $offset
* @returns array with the search result
* @return array with the search result
*
* Executes an LDAP search
*/
@ -692,13 +710,13 @@ class Access extends LDAPUtility {
/**
* @brief prepares and executes an LDAP search operation
* @param $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be
* @param string $filter the LDAP filter for the search
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array.
* @param $limit optional, maximum results to be counted
* @param $offset optional, a starting point
* @returns array with the search result as first value and pagedSearchOK as
* @param int $limit optional, maximum results to be counted
* @param int $offset optional, a starting point
* @return array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful
*/
private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
@ -715,7 +733,7 @@ class Access extends LDAPUtility {
return false;
}
//check wether paged search should be attempted
//check whether paged search should be attempted
$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset);
$linkResources = array_pad(array(), count($base), $cr);
@ -738,16 +756,16 @@ class Access extends LDAPUtility {
/**
* @brief processes an LDAP paged search operation
* @param $sr the array containing the LDAP search resources
* @param $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $iFoundItems number of results in the search operation
* @param $limit maximum results to be counted
* @param $offset a starting point
* @param $pagedSearchOK whether a paged search has been executed
* @param boolean $skipHandling required for paged search when cookies to
* @param array $sr the array containing the LDAP search resources
* @param string $filter the LDAP filter for the search
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param int $iFoundItems number of results in the search operation
* @param int $limit maximum results to be counted
* @param int $offset a starting point
* @param bool $pagedSearchOK whether a paged search has been executed
* @param bool $skipHandling required for paged search when cookies to
* prior results need to be gained
* @returns array with the search result as first value and pagedSearchOK as
* @returns array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful
*/
private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
@ -780,14 +798,14 @@ class Access extends LDAPUtility {
/**
* @brief executes an LDAP search, but counts the results only
* @param string $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array.
* @param $limit optional, maximum results to be counted
* @param $offset optional, a starting point
* @param $skipHandling indicates whether the pages search operation is
* @param int $limit optional, maximum results to be counted
* @param int $offset optional, a starting point
* @param bool $skipHandling indicates whether the pages search operation is
* completed
* @returns int | false if the search could not be initialized
* @returns int|false Integer or false if the search could not be initialized
*
*/
private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
@ -799,7 +817,7 @@ class Access extends LDAPUtility {
$counter = 0;
$count = null;
$cr = $this->connection->getConnectionResource();
$this->connection->getConnectionResource();
do {
$continue = false;
@ -821,10 +839,15 @@ class Access extends LDAPUtility {
return $counter;
}
private function countEntriesInSearchResults($searchResults, $limit,
&$hasHitLimit) {
/**
* @param $searchResults
* @param $limit
* @param $hasHitLimit
* @return int
*/
private function countEntriesInSearchResults($searchResults, $limit, &$hasHitLimit) {
$cr = $this->connection->getConnectionResource();
$count = 0;
$counter = 0;
foreach($searchResults as $res) {
$count = intval($this->ldap->countEntries($cr, $res));
@ -838,14 +861,14 @@ class Access extends LDAPUtility {
}
/**
* @brief executes an LDAP search
* @param $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array.
* @returns array with the search result
*
* Executes an LDAP search
* @brief Executes an LDAP search
* @param string $filter the LDAP filter for the search
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, array, one or more attributes that shall be
* @param int $limit
* @param int $offset
* @param bool $skipHandling
* @return array with the search result
*/
private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
$search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
@ -873,7 +896,7 @@ class Access extends LDAPUtility {
}
$findings = array();
foreach($sr as $key => $res) {
foreach($sr as $res) {
$findings = array_merge($findings, $this->ldap->getEntries($cr , $res ));
}
@ -889,9 +912,9 @@ class Access extends LDAPUtility {
if(!is_null($attr)) {
$selection = array();
$multiarray = false;
$multiArray = false;
if(count($attr) > 1) {
$multiarray = true;
$multiArray = true;
$i = 0;
}
foreach($findings as $item) {
@ -900,7 +923,7 @@ class Access extends LDAPUtility {
}
$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
if($multiarray) {
if($multiArray) {
foreach($attr as $key) {
$key = mb_strtolower($key, 'UTF-8');
if(isset($item[$key])) {
@ -931,7 +954,7 @@ class Access extends LDAPUtility {
$findings = $selection;
}
//we slice the findings, when
//a) paged search insuccessful, though attempted
//a) paged search unsuccessful, though attempted
//b) no paged search, but limit set
if((!$this->getPagedSearchResultState()
&& $pagedSearchOK)
@ -945,19 +968,23 @@ class Access extends LDAPUtility {
return $findings;
}
/**
* @param $name
* @return bool|mixed|string
*/
public function sanitizeUsername($name) {
if($this->connection->ldapIgnoreNamingRules) {
return $name;
}
// Translitaration
//latin characters to ASCII
// Transliteration
// latin characters to ASCII
$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
//REPLACEMENTS
// Replacements
$name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8');
//every remaining unallowed characters will be removed
// Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
return $name;
@ -966,7 +993,7 @@ class Access extends LDAPUtility {
/**
* @brief escapes (user provided) parts for LDAP filter
* @param string $input, the provided value
* @return the escaped string
* @return string the escaped string
*/
public function escapeFilterPart($input) {
$search = array('*', '\\', '(', ')');
@ -977,9 +1004,7 @@ class Access extends LDAPUtility {
/**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
* @returns the combined filter
*
* Combines Filter arguments with AND
* @return string the combined filter
*/
public function combineFilterWithAnd($filters) {
return $this->combineFilter($filters, '&');
@ -988,9 +1013,7 @@ class Access extends LDAPUtility {
/**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
* @returns the combined filter
*
* Combines Filter arguments with AND
* @return string the combined filter
*/
public function combineFilterWithOr($filters) {
return $this->combineFilter($filters, '|');
@ -1000,9 +1023,7 @@ class Access extends LDAPUtility {
* @brief combines the input filters with given operator
* @param $filters array, the filters to connect
* @param string $operator either & or |
* @returns the combined filter
*
* Combines Filter arguments with AND
* @return string the combined filter
*/
private function combineFilter($filters, $operator) {
$combinedFilter = '('.$operator;
@ -1017,7 +1038,7 @@ class Access extends LDAPUtility {
}
/**
* @brief creates a filter part for to perfrom search for users
* @brief creates a filter part for to perform search for users
* @param string $search the search term
* @return string the final filter part to use in LDAP searches
*/
@ -1028,7 +1049,7 @@ class Access extends LDAPUtility {
}
/**
* @brief creates a filter part for to perfrom search for groups
* @brief creates a filter part for to perform search for groups
* @param string $search the search term
* @return string the final filter part to use in LDAP searches
*/
@ -1041,9 +1062,10 @@ class Access extends LDAPUtility {
/**
* @brief creates a filter part for searches
* @param string $search the search term
* @param $searchAttributes
* @param string $fallbackAttribute a fallback attribute in case the user
* did not define search attributes. Typically the display name attribute.
* @returns string the final filter part to use in LDAP searches
* @return string the final filter part to use in LDAP searches
*/
private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
$filter = array();
@ -1065,7 +1087,9 @@ class Access extends LDAPUtility {
}
/**
* @param string $name
* @param string $password
* @return bool
*/
public function areCredentialsValid($name, $password) {
$name = $this->DNasBaseParameter($name);
@ -1084,8 +1108,9 @@ class Access extends LDAPUtility {
/**
* @brief auto-detects the directory's UUID attribute
* @param $dn a known DN used to check against
* @param $force the detection should be run, even if it is not set to auto
* @param string $dn a known DN used to check against
* @param bool $isUser
* @param bool $force the detection should be run, even if it is not set to auto
* @returns true on success, false otherwise
*/
private function detectUuidAttribute($dn, $isUser = true, $force = false) {
@ -1106,7 +1131,7 @@ class Access extends LDAPUtility {
return true;
}
//for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
// for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
foreach($testAttributes as $attribute) {
@ -1126,6 +1151,11 @@ class Access extends LDAPUtility {
return false;
}
/**
* @param $dn
* @param bool $isUser
* @return array|bool|false
*/
public function getUUID($dn, $isUser = true) {
if($isUser) {
$uuidAttr = 'ldapUuidUserAttribute';
@ -1154,11 +1184,9 @@ class Access extends LDAPUtility {
/**
* @brief converts a binary ObjectGUID into a string representation
* @param $oguid the ObjectGUID in it's binary form as retrieved from AD
* @returns String
*
* converts a binary ObjectGUID into a string representation
* http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
* @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
* @return string
* @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
*/
private function convertObjectGUID2Str($oguid) {
$hex_guid = bin2hex($oguid);
@ -1181,12 +1209,9 @@ class Access extends LDAPUtility {
}
/**
* @brief converts a stored DN so it can be used as base parameter for LDAP queries
* @param $dn the DN
* @returns String
*
* converts a stored DN so it can be used as base parameter for LDAP queries
* internally we store them for usage in LDAP filters
* @brief converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
* @param string $dn the DN
* @return string
*/
private function DNasBaseParameter($dn) {
return str_ireplace('\\5c', '\\', $dn);
@ -1194,12 +1219,14 @@ class Access extends LDAPUtility {
/**
* @brief checks if the given DN is part of the given base DN(s)
* @param $dn the DN
* @param string $dn the DN
* @param $bases array containing the allowed base DN or DNs
* @returns Boolean
* @return bool
*/
private function isDNPartOfBase($dn, $bases) {
$belongsToBase = false;
$bases = $this->sanitizeDN($bases);
foreach($bases as $base) {
$belongsToBase = true;
if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
@ -1214,10 +1241,10 @@ class Access extends LDAPUtility {
/**
* @brief get a cookie for the next LDAP paged search
* @param $base a string with the base DN for the search
* @param $filter the search filter to identify the correct search
* @param $limit the limit (or 'pageSize'), to identify the correct search well
* @param $offset the offset for the new search to identify the correct search really good
* @param string $base a string with the base DN for the search
* @param string $filter the search filter to identify the correct search
* @param int $limit the limit (or 'pageSize'), to identify the correct search well
* @param int $offset the offset for the new search to identify the correct search really good
* @returns string containing the key or empty if none is cached
*/
private function getPagedResultCookie($base, $filter, $limit, $offset) {
@ -1226,10 +1253,10 @@ class Access extends LDAPUtility {
}
$offset -= $limit;
//we work with cache here
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
$cookie = '';
if(isset($this->cookies[$cachekey])) {
$cookie = $this->cookies[$cachekey];
if(isset($this->cookies[$cacheKey])) {
$cookie = $this->cookies[$cacheKey];
if(is_null($cookie)) {
$cookie = '';
}
@ -1239,22 +1266,22 @@ class Access extends LDAPUtility {
/**
* @brief set a cookie for LDAP paged search run
* @param $base a string with the base DN for the search
* @param $filter the search filter to identify the correct search
* @param $limit the limit (or 'pageSize'), to identify the correct search well
* @param $offset the offset for the run search to identify the correct search really good
* @param $cookie string containing the cookie returned by ldap_control_paged_result_response
* @param string $base a string with the base DN for the search
* @param string $filter the search filter to identify the correct search
* @param int $limit the limit (or 'pageSize'), to identify the correct search well
* @param int $offset the offset for the run search to identify the correct search really good
* @param string $cookie string containing the cookie returned by ldap_control_paged_result_response
* @return void
*/
private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
if(!empty($cookie)) {
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
$this->cookies[$cachekey] = $cookie;
$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
$this->cookies[$cacheKey] = $cookie;
}
}
/**
* @brief check wether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
* @brief Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
* @return boolean|null true on success, null or false otherwise
*/
public function getPagedSearchResultState() {
@ -1263,15 +1290,14 @@ class Access extends LDAPUtility {
return $result;
}
/**
* @brief prepares a paged search, if possible
* @param $filter the LDAP filter for the search
* @param $bases an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, when a certain attribute shall be filtered outside
* @param $limit
* @param $offset
*
* @brief Prepares a paged search, if possible
* @param string $filter the LDAP filter for the search
* @param array $bases an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, when a certain attribute shall be filtered outside
* @param int $limit
* @param int $offset
* @return bool|true
*/
private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
$pagedSearchOK = false;
@ -1287,8 +1313,9 @@ class Access extends LDAPUtility {
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
if(empty($cookie) && ($offset > 0)) {
// no cookie known, although the offset is not 0. Maybe cache run out. We need
// to start all over *sigh* (btw, Dear Reader, did you need LDAP paged
// to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
// searching was designed by MSFT?)
// Lukas: No, but thanks to reading that source I finally know!
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
//a bit recursive, $offset of 0 is the exit
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);

2
apps/user_ldap/lib/backendutility.php
Unescape Escape View File

@ -30,7 +30,7 @@ abstract class BackendUtility {
/**
* @brief constructor, make sure the subclasses call this one!
* @param $access an instance of Access for LDAP interaction
* @param Access $access an instance of Access for LDAP interaction
*/
public function __construct(Access $access) {
$this->access = $access;

109
apps/user_ldap/lib/configuration.php
Unescape Escape View File

@ -81,25 +81,37 @@ class Configuration {
);
/**
* @param string $configPrefix
* @param $configPrefix
* @param bool $autoRead
*/
public function __construct($configPrefix, $autoread = true) {
public function __construct($configPrefix, $autoRead = true) {
$this->configPrefix = $configPrefix;
if($autoread) {
if($autoRead) {
$this->readConfiguration();
}
}
/**
* @param $name
* @return mixed|void
*/
public function __get($name) {
if(isset($this->config[$name])) {
return $this->config[$name];
}
}
/**
* @param $name
* @param $value
*/
public function __set($name, $value) {
$this->setConfiguration(array($name => $value));
}
/**
* @return array
*/
public function getConfiguration() {
return $this->config;
}
@ -110,7 +122,7 @@ class Configuration {
* must call saveConfiguration afterwards.
* @param $config array that holds the config parameters in an associated
* array
* @param &$applied optional; array where the set fields will be given to
* @param array &$applied optional; array where the set fields will be given to
* @return false|null
*/
public function setConfiguration($config, &$applied = null) {
@ -119,11 +131,11 @@ class Configuration {
}
$cta = $this->getConfigTranslationArray();
foreach($config as $inputkey => $val) {
if(strpos($inputkey, '_') !== false && array_key_exists($inputkey, $cta)) {
$key = $cta[$inputkey];
} elseif(array_key_exists($inputkey, $this->config)) {
$key = $inputkey;
foreach($config as $inputKey => $val) {
if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) {
$key = $cta[$inputKey];
} elseif(array_key_exists($inputKey, $this->config)) {
$key = $inputKey;
} else {
continue;
}
@ -150,7 +162,7 @@ class Configuration {
}
$this->$setMethod($key, $val);
if(is_array($applied)) {
$applied[] = $inputkey;
$applied[] = $inputKey;
}
}
@ -164,7 +176,7 @@ class Configuration {
//some are determined
continue;
}
$dbkey = $cta[$key];
$dbKey = $cta[$key];
switch($key) {
case 'ldapBase':
case 'ldapBaseUsers':
@ -180,7 +192,7 @@ class Configuration {
break;
case 'ldapIgnoreNamingRules':
$readMethod = 'getSystemValue';
$dbkey = $key;
$dbKey = $key;
break;
case 'ldapAgentPassword':
$readMethod = 'getPwd';
@ -193,7 +205,7 @@ class Configuration {
$readMethod = 'getValue';
break;
}
$this->config[$key] = $this->$readMethod($dbkey);
$this->config[$key] = $this->$readMethod($dbKey);
}
$this->configRead = true;
}
@ -237,8 +249,12 @@ class Configuration {
}
}
protected function getMultiLine($varname) {
$value = $this->getValue($varname);
/**
* @param $varName
* @return array|string
*/
protected function getMultiLine($varName) {
$value = $this->getValue($varName);
if(empty($value)) {
$value = '';
} else {
@ -248,7 +264,11 @@ class Configuration {
return $value;
}
protected function setMultiLine($varname, $value) {
/**
* @param $varName
* @param $value
*/
protected function setMultiLine($varName, $value) {
if(empty($value)) {
$value = '';
} else if (!is_array($value)) {
@ -258,44 +278,69 @@ class Configuration {
}
}
$this->setValue($varname, $value);
$this->setValue($varName, $value);
}
protected function getPwd($varname) {
return base64_decode($this->getValue($varname));
/**
* @param $varName
* @return string
*/
protected function getPwd($varName) {
return base64_decode($this->getValue($varName));
}
protected function getLcValue($varname) {
return mb_strtolower($this->getValue($varname), 'UTF-8');
/**
* @param $varName
* @return string
*/
protected function getLcValue($varName) {
return mb_strtolower($this->getValue($varName), 'UTF-8');
}
protected function getSystemValue($varname) {
/**
* @param $varName
* @return string
*/
protected function getSystemValue($varName) {
//FIXME: if another system value is added, softcode the default value
return \OCP\Config::getSystemValue($varname, false);
return \OCP\Config::getSystemValue($varName, false);
}
protected function getValue($varname) {
/**
* @param $varName
* @return string
*/
protected function getValue($varName) {
static $defaults;
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
return \OCP\Config::getAppValue('user_ldap',
$this->configPrefix.$varname,
$defaults[$varname]);
$this->configPrefix.$varName,
$defaults[$varName]);
}
protected function setValue($varname, $value) {
$this->config[$varname] = $value;
/**
* @param $varName
* @param $value
*/
protected function setValue($varName, $value) {
$this->config[$varName] = $value;
}
protected function saveValue($varname, $value) {
/**
* @param $varName
* @param $value
* @return bool
*/
protected function saveValue($varName, $value) {
return \OCP\Config::setAppValue('user_ldap',
$this->configPrefix.$varname,
$this->configPrefix.$varName,
$value);
}
/**
* @returns an associative array with the default values. Keys are correspond
* @return array an associative array with the default values. Keys are correspond
* to config-value entries in the database table
*/
public function getDefaults() {
@ -350,7 +395,7 @@ class Configuration {
}
/**
* @return returns an array that maps internal variable names to database fields
* @return array that maps internal variable names to database fields
*/
public function getConfigTranslationArray() {
//TODO: merge them into one representation

53
apps/user_ldap/lib/connection.php
Unescape Escape View File

@ -43,8 +43,9 @@ class Connection extends LDAPUtility {
/**
* @brief Constructor
* @param $configPrefix a string with the prefix for the configkey column (appconfig table)
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
* @param ILDAPWrapper $ldap
* @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
* @param string $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
*/
public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
parent::__construct($ldap);
@ -82,6 +83,10 @@ class Connection extends LDAPUtility {
!is_null($this->configID));
}
/**
* @param $name
* @return bool|mixed|void
*/
public function __get($name) {
if(!$this->configured) {
$this->readConfiguration();
@ -94,6 +99,10 @@ class Connection extends LDAPUtility {
return $this->configuration->$name;
}
/**
* @param $name
* @param $value
*/
public function __set($name, $value) {
$this->doNotValidate = false;
$before = $this->configuration->$name;
@ -109,9 +118,7 @@ class Connection extends LDAPUtility {
/**
* @brief initializes the LDAP backend
* @param $force read the config settings no matter what
*
* initializes the LDAP backend
* @param bool $force read the config settings no matter what
*/
public function init($force = false) {
$this->readConfiguration($force);
@ -119,7 +126,7 @@ class Connection extends LDAPUtility {
}
/**
* Returns the LDAP handler
* @brief Returns the LDAP handler
*/
public function getConnectionResource() {
if(!$this->ldapConnectionRes) {
@ -135,7 +142,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string|null $key
* @param $key
* @return string
*/
private function getCacheKey($key) {
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
@ -146,7 +154,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string $key
* @param $key
* @return mixed|null
*/
public function getFromCache($key) {
if(!$this->configured) {
@ -165,7 +174,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string $key
* @param $key
* @return bool
*/
public function isCached($key) {
if(!$this->configured) {
@ -179,7 +189,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string $key
* @param $key
* @param $value
*/
public function writeToCache($key, $value) {
if(!$this->configured) {
@ -200,7 +211,7 @@ class Connection extends LDAPUtility {
/**
* @brief Caches the general LDAP configuration.
* @param $force optional. true, if the re-read should be forced. defaults
* @param bool $force optional. true, if the re-read should be forced. defaults
* to false.
* @return null
*/
@ -214,7 +225,7 @@ class Connection extends LDAPUtility {
/**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
* @param array &$setParameters optional; array where the set fields will be given to
* @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/
public function setConfiguration($config, &$setParameters = null) {
@ -326,9 +337,9 @@ class Connection extends LDAPUtility {
}
//make sure empty search attributes are saved as simple, empty array
$sakeys = array('ldapAttributesForUserSearch',
$saKeys = array('ldapAttributesForUserSearch',
'ldapAttributesForGroupSearch');
foreach($sakeys as $key) {
foreach($saKeys as $key) {
$val = $this->configuration->$key;
if(is_array($val) && count($val) === 1 && empty($val[0])) {
$this->configuration->$key = array();
@ -345,6 +356,9 @@ class Connection extends LDAPUtility {
}
}
/**
* @return bool
*/
private function doCriticalValidation() {
$configurationOK = true;
$errorStr = 'Configuration Error (prefix '.
@ -435,8 +449,8 @@ class Connection extends LDAPUtility {
// necessary, but advisable. If left empty, give an info message
$this->doSoftValidation();
//second step: critical checks. If left empty or filled wrong, set as
//unconfigured and give a warning.
//second step: critical checks. If left empty or filled wrong, mark as
//not configured and give a warning.
return $this->doCriticalValidation();
}
@ -508,12 +522,17 @@ class Connection extends LDAPUtility {
}
}
/**
* @param $host
* @param $port
* @return false|void
*/
private function doConnect($host, $port) {
if(empty($host)) {
return false;
}
if(strpos($host, '://') !== false) {
//ldap_connect ignores port paramater when URLs are passed
//ldap_connect ignores port parameter when URLs are passed
$host .= ':' . $port;
}
$this->ldapConnectionRes = $this->ldap->connect($host, $port);

12
apps/user_ldap/lib/helper.php
Unescape Escape View File

@ -27,7 +27,7 @@ class Helper {
/**
* @brief returns prefixes for each saved LDAP/AD server configuration.
* @param bool optional, whether only active configuration shall be
* @param bool $activeConfigurations optional, whether only active configuration shall be
* retrieved, defaults to false
* @return array with a list of the available prefixes
*
@ -80,7 +80,7 @@ class Helper {
/**
*
* @brief determines the host for every configured connection
* @return an array with configprefix as keys
* @return array an array with configprefix as keys
*
*/
static public function getServerConfigurationHosts() {
@ -107,7 +107,7 @@ class Helper {
/**
* @brief deletes a given saved LDAP/AD server configuration.
* @param string the configuration prefix of the config to delete
* @param string $prefix the configuration prefix of the config to delete
* @return bool true on success, false otherwise
*/
static public function deleteServerConfiguration($prefix) {
@ -148,7 +148,7 @@ class Helper {
* Truncate's the given mapping table
*
* @param string $mapping either 'user' or 'group'
* @return boolean true on success, false otherwise
* @return bool true on success, false otherwise
*/
static public function clearMapping($mapping) {
if($mapping === 'user') {
@ -177,8 +177,8 @@ class Helper {
/**
* @brief extractsthe domain from a given URL
* @param $url the URL
* @return mixed, domain as string on success, false otherwise
* @param string $url the URL
* @return string|false domain as string on success, false otherwise
*/
static public function getDomainFromURL($url) {
$uinfo = parse_url($url);

116
apps/user_ldap/lib/ildapwrapper.php
Unescape Escape View File

@ -30,9 +30,9 @@ interface ILDAPWrapper {
/**
* @brief Bind to LDAP directory
* @param resource $link LDAP link resource
* @param $dn an RDN to log in with
* @param $password the password
* @return true on success, false otherwise
* @param string $dn an RDN to log in with
* @param string $password the password
* @return bool true on success, false otherwise
*
* with $dn and $password as null a anonymous bind is attempted.
*/
@ -40,28 +40,28 @@ interface ILDAPWrapper {
/**
* @brief connect to an LDAP server
* @param $host The host to connect to
* @param $port The port to connect to
* @return a link resource on success, otherwise false
* @param string $host The host to connect to
* @param string $port The port to connect to
* @return mixed a link resource on success, otherwise false
*/
public function connect($host, $port);
/**
* @brief Send LDAP pagination control
* @param $link LDAP link resource
* @param $pagesize number of results per page
* @param boolean $isCritical Indicates whether the pagination is critical of not.
* @param $cookie structure sent by LDAP server
* @param resource $link LDAP link resource
* @param int $pageSize number of results per page
* @param bool $isCritical Indicates whether the pagination is critical of not.
* @param array $cookie structure sent by LDAP server
* @return true on success, false otherwise
*/
public function controlPagedResult($link, $pagesize, $isCritical, $cookie);
public function controlPagedResult($link, $pageSize, $isCritical, $cookie);
/**
* @brief Retrieve the LDAP pagination cookie
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param $cookie structure sent by LDAP server
* @return boolean on success, false otherwise
* @param array $cookie structure sent by LDAP server
* @return bool true on success, false otherwise
*
* Corresponds to ldap_control_paged_result_response
*/
@ -69,101 +69,101 @@ interface ILDAPWrapper {
/**
* @brief Count the number of entries in a search
* @param $link LDAP link resource
* @param $result LDAP result resource
* @return mixed, number of results on success, false otherwise
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return int|false number of results on success, false otherwise
*/
public function countEntries($link, $result);
/**
* @brief Return the LDAP error number of the last LDAP command
* @param $link LDAP link resource
* @return error message as string
* @param resource $link LDAP link resource
* @return string error message as string
*/
public function errno($link);
/**
* @brief Return the LDAP error message of the last LDAP command
* @param $link LDAP link resource
* @return error code as integer
* @param resource $link LDAP link resource
* @return int error code as integer
*/
public function error($link);
/**
* @brief Return first result id
* @param $link LDAP link resource
* @param $result LDAP result resource
* @return an LDAP search result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return Resource an LDAP search result resource
* */
public function firstEntry($link, $result);
/**
* @brief Get attributes from a search result entry
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return array containing the results, false on error
* */
public function getAttributes($link, $result);
/**
* @brief Get the DN of a result entry
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return string containing the DN, false on error
*/
public function getDN($link, $result);
/**
* @brief Get all result entries
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return array containing the results, false on error
*/
public function getEntries($link, $result);
/**
* @brief Return next result id
* @param $link LDAP link resource
* @param resource $link LDAP link resource
* @param resource $result LDAP entry result resource
* @return an LDAP search result resource
* @return resource an LDAP search result resource
* */
public function nextEntry($link, $result);
/**
* @brief Read an entry
* @param $link LDAP link resource
* @param $baseDN The DN of the entry to read from
* @param $filter An LDAP filter
* @param $attr array of the attributes to read
* @return an LDAP search result resource
* @param resource $link LDAP link resource
* @param array $baseDN The DN of the entry to read from
* @param string $filter An LDAP filter
* @param array $attr array of the attributes to read
* @return resource an LDAP search result resource
*/
public function read($link, $baseDN, $filter, $attr);
/**
* @brief Search LDAP tree
* @param $link LDAP link resource
* @param $baseDN The DN of the entry to read from
* @param $filter An LDAP filter
* @param $attr array of the attributes to read
* @param $attrsonly optional, 1 if only attribute types shall be returned
* @param $limit optional, limits the result entries
* @return an LDAP search result resource, false on error
* @param resource $link LDAP link resource
* @param string $baseDN The DN of the entry to read from
* @param string $filter An LDAP filter
* @param array $attr array of the attributes to read
* @param int $attrsOnly optional, 1 if only attribute types shall be returned
* @param int $limit optional, limits the result entries
* @return resource|false an LDAP search result resource, false on error
*/
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0);
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0);
/**
* @brief Sets the value of the specified option to be $value
* @param $link LDAP link resource
* @param $option a defined LDAP Server option
* @param integer $value the new value for the option
* @return true on success, false otherwise
* @param resource $link LDAP link resource
* @param string $option a defined LDAP Server option
* @param int $value the new value for the option
* @return bool true on success, false otherwise
*/
public function setOption($link, $option, $value);
/**
* @brief establish Start TLS
* @param $link LDAP link resource
* @return true on success, false otherwise
* @param resource|$link LDAP link resource
* @return bool true on success, false otherwise
*/
public function startTls($link);
@ -171,35 +171,35 @@ interface ILDAPWrapper {
* @brief Sort the result of a LDAP search
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param $sortfilter attribute to use a key in sort
* @param string $sortFilter attribute to use a key in sort
*/
public function sort($link, $result, $sortfilter);
public function sort($link, $result, $sortFilter);
/**
* @brief Unbind from LDAP directory
* @param resource $link LDAP link resource
* @return true on success, false otherwise
* @return bool true on success, false otherwise
*/
public function unbind($link);
//additional required methods in owncloud
//additional required methods in ownCloud
/**
* @brief Checks whether the server supports LDAP
* @return boolean if it the case, false otherwise
* @return bool true if it the case, false otherwise
* */
public function areLDAPFunctionsAvailable();
/**
* @brief Checks whether PHP supports LDAP Paged Results
* @return boolean if it the case, false otherwise
* @return bool true if it the case, false otherwise
* */
public function hasPagedResultSupport();
/**
* @brief Checks whether the submitted parameter is a resource
* @param $resource the resource variable to check
* @return boolean if it is a resource, false otherwise
* @param resource $resource the resource variable to check
* @return bool true if it is a resource, false otherwise
*/
public function isResource($resource);

21
apps/user_ldap/lib/jobs.php
Unescape Escape View File

@ -33,6 +33,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
$this->interval = self::getRefreshInterval();
}
/**
* @param $argument
*/
public function run($argument){
Jobs::updateGroups();
}
@ -57,11 +60,17 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Finished.', \OCP\Util::DEBUG);
}
/**
* @return int
*/
static private function getRefreshInterval() {
//defaults to every hour
return \OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600);
}
/**
* @param $groups
*/
static private function handleKnownGroups($groups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Dealing with known Groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare('
@ -97,6 +106,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG);
}
/**
* @param $createdGroups
*/
static private function handleCreatedGroups($createdGroups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with created Groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare('
@ -116,6 +128,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG);
}
/**
* @param $removedGroups
*/
static private function handleRemovedGroups($removedGroups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with removed groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare('
@ -134,6 +149,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG);
}
/**
* @return \OCA\user_ldap\GROUP_LDAP|\OCA\user_ldap\Group_Proxy
*/
static private function getGroupBE() {
if(!is_null(self::$groupBE)) {
return self::$groupBE;
@ -152,6 +170,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
return self::$groupBE;
}
/**
* @return array
*/
static private function getKnownGroups() {
if(is_array(self::$groupsFromDB)) {
return self::$groupsFromDB;

121
apps/user_ldap/lib/ldap.php
Unescape Escape View File

@ -27,14 +27,31 @@ class LDAP implements ILDAPWrapper {
protected $curFunc = '';
protected $curArgs = array();
/**
* @param resource $link
* @param string $dn
* @param string $password
* @return bool|mixed
*/
public function bind($link, $dn, $password) {
return $this->invokeLDAPMethod('bind', $link, $dn, $password);
}
/**
* @param string $host
* @param string $port
* @return mixed
*/
public function connect($host, $port) {
return $this->invokeLDAPMethod('connect', $host, $port);
}
/**
* @param LDAP $link
* @param LDAP $result
* @param $cookie
* @return bool|LDAP
*/
public function controlPagedResultResponse($link, $result, &$cookie) {
$this->preFunctionCall('ldap_control_paged_result_response',
array($link, $result, $cookie));
@ -44,64 +61,144 @@ class LDAP implements ILDAPWrapper {
return $result;
}
public function controlPagedResult($link, $pagesize, $isCritical, $cookie) {
return $this->invokeLDAPMethod('control_paged_result', $link, $pagesize,
/**
* @param LDAP $link
* @param int $pageSize
* @param bool $isCritical
* @param array $cookie
* @return mixed|true
*/
public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
$isCritical, $cookie);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed
*/
public function countEntries($link, $result) {
return $this->invokeLDAPMethod('count_entries', $link, $result);
}
/**
* @param LDAP $link
* @return mixed|string
*/
public function errno($link) {
return $this->invokeLDAPMethod('errno', $link);
}
/**
* @param LDAP $link
* @return int|mixed
*/
public function error($link) {
return $this->invokeLDAPMethod('error', $link);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed
*/
public function firstEntry($link, $result) {
return $this->invokeLDAPMethod('first_entry', $link, $result);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return array|mixed
*/
public function getAttributes($link, $result) {
return $this->invokeLDAPMethod('get_attributes', $link, $result);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed|string
*/
public function getDN($link, $result) {
return $this->invokeLDAPMethod('get_dn', $link, $result);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return array|mixed
*/
public function getEntries($link, $result) {
return $this->invokeLDAPMethod('get_entries', $link, $result);
}
/**
* @param LDAP $link
* @param resource $result
* @return mixed|an
*/
public function nextEntry($link, $result) {
return $this->invokeLDAPMethod('next_entry', $link, $result);
}
/**
* @param LDAP $link
* @param string $baseDN
* @param string $filter
* @param array $attr
* @return mixed
*/
public function read($link, $baseDN, $filter, $attr) {
return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
}
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0) {
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter,
$attr, $attrsonly, $limit);
/**
* @param LDAP $link
* @param string $baseDN
* @param string $filter
* @param array $attr
* @param int $attrsOnly
* @param int $limit
* @return mixed
*/
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
}
/**
* @param LDAP $link
* @param string $option
* @param int $value
* @return bool|mixed
*/
public function setOption($link, $option, $value) {
return $this->invokeLDAPMethod('set_option', $link, $option, $value);
}
public function sort($link, $result, $sortfilter) {
return $this->invokeLDAPMethod('sort', $link, $result, $sortfilter);
/**
* @param LDAP $link
* @param LDAP $result
* @param string $sortFilter
* @return mixed
*/
public function sort($link, $result, $sortFilter) {
return $this->invokeLDAPMethod('sort', $link, $result, $sortFilter);
}
/**
* @param LDAP $link
* @return mixed|true
*/
public function startTls($link) {
return $this->invokeLDAPMethod('start_tls', $link);
}
/**
* @param resource $link
* @return bool|mixed
*/
public function unbind($link) {
return $this->invokeLDAPMethod('unbind', $link);
}
@ -126,13 +223,16 @@ class LDAP implements ILDAPWrapper {
/**
* @brief Checks whether the submitted parameter is a resource
* @param $resource the resource variable to check
* @return boolean if it is a resource, false otherwise
* @param Resource $resource the resource variable to check
* @return bool true if it is a resource, false otherwise
*/
public function isResource($resource) {
return is_resource($resource);
}
/**
* @return mixed
*/
private function invokeLDAPMethod() {
$arguments = func_get_args();
$func = 'ldap_' . array_shift($arguments);
@ -148,6 +248,7 @@ class LDAP implements ILDAPWrapper {
/**
* @param string $functionName
* @param $args
*/
private function preFunctionCall($functionName, $args) {
$this->curFunc = $functionName;
@ -181,4 +282,4 @@ class LDAP implements ILDAPWrapper {
$this->curFunc = '';
$this->curArgs = array();
}
}
}

2
apps/user_ldap/lib/ldaputility.php
Unescape Escape View File

@ -28,7 +28,7 @@ abstract class LDAPUtility {
/**
* @brief constructor, make sure the subclasses call this one!
* @param $ldapWrapper an instance of an ILDAPWrapper
* @param ILDAPWrapper $ldapWrapper an instance of an ILDAPWrapper
*/
public function __construct(ILDAPWrapper $ldapWrapper) {
$this->ldap = $ldapWrapper;

47
apps/user_ldap/lib/proxy.php
Unescape Escape View File

@ -29,16 +29,26 @@ abstract class Proxy {
static private $accesses = array();
private $ldap = null;
/**
* @param ILDAPWrapper $ldap
*/
public function __construct(ILDAPWrapper $ldap) {
$this->ldap = $ldap;
$this->cache = \OC_Cache::getGlobalCache();
}
/**
* @param $configPrefix
*/
private function addAccess($configPrefix) {
$connector = new Connection($this->ldap, $configPrefix);
self::$accesses[$configPrefix] = new Access($connector, $this->ldap);
}
/**
* @param $configPrefix
* @return mixed
*/
protected function getAccess($configPrefix) {
if(!isset(self::$accesses[$configPrefix])) {
$this->addAccess($configPrefix);
@ -46,30 +56,45 @@ abstract class Proxy {
return self::$accesses[$configPrefix];
}
/**
* @param $uid
* @return string
*/
protected function getUserCacheKey($uid) {
return 'user-'.$uid.'-lastSeenOn';
}
/**
* @param $gid
* @return string
*/
protected function getGroupCacheKey($gid) {
return 'group-'.$gid.'-lastSeenOn';
}
/**
* @param boolean $passOnWhen
* @param string $method
* @param $id
* @param $method
* @param $parameters
* @param bool $passOnWhen
* @return mixed
*/
abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
/**
* @param string $method
* @param $id
* @param $method
* @param $parameters
* @return mixed
*/
abstract protected function walkBackends($id, $method, $parameters);
/**
* @brief Takes care of the request to the User backend
* @param $uid string, the uid connected to the request
* @param $id
* @param string $method string, the method of the user backend that shall be called
* @param $parameters an array of parameters to be passed
* @param array $parameters an array of parameters to be passed
* @param bool $passOnWhen
* @return mixed, the result of the specified method
*/
protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
@ -81,7 +106,8 @@ abstract class Proxy {
}
/**
* @param string|null $key
* @param $key
* @return string
*/
private function getCacheKey($key) {
$prefix = 'LDAP-Proxy-';
@ -92,7 +118,8 @@ abstract class Proxy {
}
/**
* @param string $key
* @param $key
* @return mixed|null
*/
public function getFromCache($key) {
if(!$this->isCached($key)) {
@ -104,7 +131,8 @@ abstract class Proxy {
}
/**
* @param string $key
* @param $key
* @return bool
*/
public function isCached($key) {
$key = $this->getCacheKey($key);
@ -112,7 +140,8 @@ abstract class Proxy {
}
/**
* @param string $key
* @param $key
* @param $value
*/
public function writeToCache($key, $value) {
$key = $this->getCacheKey($key);

130
apps/user_ldap/lib/wizard.php
Unescape Escape View File

@ -45,8 +45,8 @@ class Wizard extends LDAPUtility {
/**
* @brief Constructor
* @param $configuration an instance of Configuration
* @param $ldap an instance of ILDAPWrapper
* @param Configuration $configuration an instance of Configuration
* @param ILDAPWrapper $ldap an instance of ILDAPWrapper
*/
public function __construct(Configuration $configuration, ILDAPWrapper $ldap) {
parent::__construct($ldap);
@ -63,6 +63,10 @@ class Wizard extends LDAPUtility {
}
}
/**
* @return WizardResult
* @throws \Exception
*/
public function countGroups() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -96,6 +100,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function countUsers() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -125,7 +133,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function determineAttributes() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -152,6 +163,7 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the Group Filter Mode
* @return WizardResult
*/
public function getGroupFilterMode() {
$this->getFilterMode('ldapGroupFilterMode');
@ -160,6 +172,7 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the Login Filter Mode
* @return WizardResult
*/
public function getLoginFilterMode() {
$this->getFilterMode('ldapLoginFilterMode');
@ -168,6 +181,7 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the User Filter Mode
* @return WizardResult
*/
public function getUserFilterMode() {
$this->getFilterMode('ldapUserFilterMode');
@ -176,19 +190,20 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the mode of the specified filter
* @param string $confkey string, contains the access key of the Configuration
* @param string $confKey contains the access key of the Configuration
*/
private function getFilterMode($confkey) {
$mode = $this->configuration->$confkey;
private function getFilterMode($confKey) {
$mode = $this->configuration->$confKey;
if(is_null($mode)) {
$mode = $this->LFILTER_MODE_ASSISTED;
}
$this->result->addChange($confkey, $mode);
$this->result->addChange($confKey, $mode);
}
/**
* @brief detects the available LDAP attributes
* @returns the instance's WizardResult instance
* @return array The instance's WizardResult instance
* @throws \Exception
*/
private function getUserAttributes() {
if(!$this->checkRequirements(array('ldapHost',
@ -221,7 +236,7 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
* @returns WizardResult the instance's WizardResult instance
*/
public function determineGroupsForGroups() {
return $this->determineGroups('ldap_groupfilter_groups',
@ -231,7 +246,7 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
* @returns WizardResult the instance's WizardResult instance
*/
public function determineGroupsForUsers() {
return $this->determineGroups('ldap_userfilter_groups',
@ -240,11 +255,13 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available LDAP groups
* @param string $dbkey
* @param string $confkey
* @returns the instance's WizardResult instance
* @param string $dbKey
* @param string $confKey
* @param bool $testMemberOf
* @return WizardResult the instance's WizardResult instance
* @throws \Exception
*/
private function determineGroups($dbkey, $confkey, $testMemberOf = true) {
private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapBase',
@ -256,8 +273,8 @@ class Wizard extends LDAPUtility {
throw new \Exception('Could not connect to LDAP');
}
$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
$this->determineFeature($obclasses, 'cn', $dbkey, $confkey);
$obClasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
$this->determineFeature($obClasses, 'cn', $dbKey, $confKey);
if($testMemberOf) {
$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
@ -270,6 +287,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return bool|WizardResult
* @throws \Exception
*/
public function determineGroupMemberAssoc() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -289,8 +310,9 @@ class Wizard extends LDAPUtility {
}
/**
* @brief detects the available object classes
* @returns the instance's WizardResult instance
* @brief Detects the available object classes
* @return WizardResult the instance's WizardResult instance
* @throws \Exception
*/
public function determineGroupObjectClasses() {
if(!$this->checkRequirements(array('ldapHost',
@ -316,7 +338,8 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available object classes
* @returns the instance's WizardResult instance
* @return WizardResult
* @throws \Exception
*/
public function determineUserObjectClasses() {
if(!$this->checkRequirements(array('ldapHost',
@ -344,6 +367,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function getGroupFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -364,6 +391,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function getUserListFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -386,6 +417,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return bool|WizardResult
* @throws \Exception
*/
public function getUserLoginFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -406,7 +441,8 @@ class Wizard extends LDAPUtility {
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
* @returns WizardResult|false WizardResult on success, false otherwise
* @throws \Exception
*/
public function guessPortAndTLS() {
if(!$this->checkRequirements(array('ldapHost',
@ -486,8 +522,7 @@ class Wizard extends LDAPUtility {
* @brief sets the found value for the configuration key in the WizardResult
* as well as in the Configuration instance
* @param string $key the configuration key
* @param $value the (detected) value
* @return null
* @param string $value the (detected) value
*
*/
private function applyFind($key, $value) {
@ -516,7 +551,8 @@ class Wizard extends LDAPUtility {
/**
* @brief tries to detect the group member association attribute which is
* one of 'uniqueMember', 'memberUid', 'member'
* @return mixed, string with the attribute name, false on error
* @return string|false, string with the attribute name, false on error
* @throws \Exception
*/
private function detectGroupMemberAssoc() {
$possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa');
@ -535,7 +571,7 @@ class Wizard extends LDAPUtility {
}
$er = $this->ldap->firstEntry($cr, $rr);
while(is_resource($er)) {
$dn = $this->ldap->getDN($cr, $er);
$this->ldap->getDN($cr, $er);
$attrs = $this->ldap->getAttributes($cr, $er);
$result = array();
for($i = 0; $i < count($possibleAttrs); $i++) {
@ -558,6 +594,7 @@ class Wizard extends LDAPUtility {
* @brief Checks whether for a given BaseDN results will be returned
* @param string $base the BaseDN to test
* @return bool true on success, false otherwise
* @throws \Exception
*/
private function testBaseDN($base) {
$cr = $this->getConnection();
@ -583,7 +620,8 @@ class Wizard extends LDAPUtility {
* @brief Checks whether the server supports memberOf in LDAP Filter.
* Requires that groups are determined, thus internally called from within
* determineGroups()
* @return bool, true if it does, false otherwise
* @return bool true if it does, false otherwise
* @throws \Exception
*/
private function testMemberOf() {
$cr = $this->getConnection();
@ -624,7 +662,8 @@ class Wizard extends LDAPUtility {
* @param integer $filterType int, for which use case the filter shall be created
* can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
* self::LFILTER_GROUP_LIST
* @return mixed, string with the filter on success, false otherwise
* @return string|false string with the filter on success, false otherwise
* @throws \Exception
*/
private function composeLdapFilter($filterType) {
$filter = '';
@ -765,9 +804,11 @@ class Wizard extends LDAPUtility {
/**
* Connects and Binds to an LDAP Server
* @param $port the port to connect with
* @param $tls whether startTLS is to be used
* @return
* @param int $port the port to connect with
* @param bool $tls whether startTLS is to be used
* @param bool $ncc
* @return bool
* @throws \Exception
*/
private function connectAndBind($port = 389, $tls = false, $ncc = false) {
if($ncc) {
@ -819,17 +860,17 @@ class Wizard extends LDAPUtility {
if($ncc) {
throw new \Exception('Certificate cannot be validated.');
}
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successfull to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
return true;
}
$errno = $this->ldap->errno($cr);
$errNo = $this->ldap->errno($cr);
$error = ldap_error($cr);
$this->ldap->unbind($cr);
if($errno === -1 || ($errno === 2 && $ncc)) {
if($errNo === -1 || ($errNo === 2 && $ncc)) {
//host, port or TLS wrong
return false;
} else if ($errno === 2) {
} else if ($errNo === 2) {
return $this->connectAndBind($port, $tls, true);
}
throw new \Exception($error);
@ -838,8 +879,7 @@ class Wizard extends LDAPUtility {
/**
* @brief checks whether a valid combination of agent and password has been
* provided (either two values or nothing for anonymous connect)
* @return boolean, true if everything is fine, false otherwise
*
* @return bool, true if everything is fine, false otherwise
*/
private function checkAgentRequirements() {
$agent = $this->configuration->ldapAgentName;
@ -850,7 +890,8 @@ class Wizard extends LDAPUtility {
}
/**
* @param string[] $reqs
* @param array $reqs
* @return bool
*/
private function checkRequirements($reqs) {
$this->checkAgentRequirements();
@ -874,8 +915,7 @@ class Wizard extends LDAPUtility {
* The lower, the faster
* @param string $maxF string. if not null, this variable will have the filter that
* yields most result entries
* @return mixed, an array with the values on success, false otherwise
*
* @return array|false an array with the values on success, false otherwise
*/
public function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, $dnReadLimit = 3, &$maxF = null) {
$dnRead = array();
@ -949,7 +989,8 @@ class Wizard extends LDAPUtility {
* Configuration class
* @param $po boolean, whether the objectClass with most result entries
* shall be pre-selected via the result
* @returns array, list of found items.
* @return array, list of found items.
* @throws \Exception
*/
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
$cr = $this->getConnection();
@ -1013,7 +1054,7 @@ class Wizard extends LDAPUtility {
return self::LRESULT_PROCESSED_INVALID;
}
//strtolower on all keys for proper comparison
// strtolower on all keys for proper comparison
$result = \OCP\Util::mb_array_change_key_case($result);
$attribute = strtolower($attribute);
if(isset($result[$attribute])) {
@ -1031,6 +1072,9 @@ class Wizard extends LDAPUtility {
}
}
/**
* @return bool|mixed
*/
private function getConnection() {
if(!is_null($this->cr)) {
return $this->cr;
@ -1057,6 +1101,9 @@ class Wizard extends LDAPUtility {
return false;
}
/**
* @return array
*/
private function getDefaultLdapPortSettings() {
static $settings = array(
array('port' => 7636, 'tls' => false),
@ -1069,6 +1116,9 @@ class Wizard extends LDAPUtility {
return $settings;
}
/**
* @return array
*/
private function getPortSettingsToTry() {
//389 ← LDAP / Unencrypted or StartTLS
//636 ← LDAPS / SSL

13
apps/user_ldap/lib/wizardresult.php
Unescape Escape View File

@ -28,10 +28,17 @@ class WizardResult {
protected $options = array();
protected $markedChange = false;
/**
* @param $key
* @param $value
*/
public function addChange($key, $value) {
$this->changes[$key] = $value;
}
/**
*
*/
public function markChange() {
$this->markedChange = true;
}
@ -47,10 +54,16 @@ class WizardResult {
$this->options[$key] = $values;
}
/**
* @return bool
*/
public function hasChanges() {
return (count($this->changes) > 0 || $this->markedChange);
}
/**
* @return array
*/
public function getResultArray() {
$result = array();
$result['changes'] = $this->changes;