nextcloud /
server
@@ -33,350 +33,350 @@ |
||
| 33 | 33 | use OCA\User_LDAP\Exceptions\ConstraintViolationException; |
| 34 | 34 | |
| 35 | 35 | class LDAP implements ILDAPWrapper { |
| 36 | - protected $curFunc = ''; |
|
| 37 | - protected $curArgs = array(); |
|
| 38 | - |
|
| 39 | - /** |
|
| 40 | - * @param resource $link |
|
| 41 | - * @param string $dn |
|
| 42 | - * @param string $password |
|
| 43 | - * @return bool|mixed |
|
| 44 | - */ |
|
| 45 | - public function bind($link, $dn, $password) { |
|
| 46 | - return $this->invokeLDAPMethod('bind', $link, $dn, $password); |
|
| 47 | - } |
|
| 48 | - |
|
| 49 | - /** |
|
| 50 | - * @param string $host |
|
| 51 | - * @param string $port |
|
| 52 | - * @return mixed |
|
| 53 | - */ |
|
| 54 | - public function connect($host, $port) { |
|
| 55 | - if(strpos($host, '://') === false) { |
|
| 56 | - $host = 'ldap://' . $host; |
|
| 57 | - } |
|
| 58 | - if(strpos($host, ':', strpos($host, '://') + 1) === false) { |
|
| 59 | - //ldap_connect ignores port parameter when URLs are passed |
|
| 60 | - $host .= ':' . $port; |
|
| 61 | - } |
|
| 62 | - return $this->invokeLDAPMethod('connect', $host); |
|
| 63 | - } |
|
| 64 | - |
|
| 65 | - /** |
|
| 66 | - * @param resource $link |
|
| 67 | - * @param resource $result |
|
| 68 | - * @param string $cookie |
|
| 69 | - * @return bool|LDAP |
|
| 70 | - */ |
|
| 71 | - public function controlPagedResultResponse($link, $result, &$cookie) { |
|
| 72 | - $this->preFunctionCall('ldap_control_paged_result_response', |
|
| 73 | - array($link, $result, $cookie)); |
|
| 74 | - $result = ldap_control_paged_result_response($link, $result, $cookie); |
|
| 75 | - $this->postFunctionCall(); |
|
| 76 | - |
|
| 77 | - return $result; |
|
| 78 | - } |
|
| 79 | - |
|
| 80 | - /** |
|
| 81 | - * @param LDAP $link |
|
| 82 | - * @param int $pageSize |
|
| 83 | - * @param bool $isCritical |
|
| 84 | - * @param string $cookie |
|
| 85 | - * @return mixed|true |
|
| 86 | - */ |
|
| 87 | - public function controlPagedResult($link, $pageSize, $isCritical, $cookie) { |
|
| 88 | - return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize, |
|
| 89 | - $isCritical, $cookie); |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - /** |
|
| 93 | - * @param LDAP $link |
|
| 94 | - * @param LDAP $result |
|
| 95 | - * @return mixed |
|
| 96 | - */ |
|
| 97 | - public function countEntries($link, $result) { |
|
| 98 | - return $this->invokeLDAPMethod('count_entries', $link, $result); |
|
| 99 | - } |
|
| 100 | - |
|
| 101 | - /** |
|
| 102 | - * @param LDAP $link |
|
| 103 | - * @return integer |
|
| 104 | - */ |
|
| 105 | - public function errno($link) { |
|
| 106 | - return $this->invokeLDAPMethod('errno', $link); |
|
| 107 | - } |
|
| 108 | - |
|
| 109 | - /** |
|
| 110 | - * @param LDAP $link |
|
| 111 | - * @return string |
|
| 112 | - */ |
|
| 113 | - public function error($link) { |
|
| 114 | - return $this->invokeLDAPMethod('error', $link); |
|
| 115 | - } |
|
| 116 | - |
|
| 117 | - /** |
|
| 118 | - * Splits DN into its component parts |
|
| 119 | - * @param string $dn |
|
| 120 | - * @param int @withAttrib |
|
| 121 | - * @return array|false |
|
| 122 | - * @link http://www.php.net/manual/en/function.ldap-explode-dn.php |
|
| 123 | - */ |
|
| 124 | - public function explodeDN($dn, $withAttrib) { |
|
| 125 | - return $this->invokeLDAPMethod('explode_dn', $dn, $withAttrib); |
|
| 126 | - } |
|
| 127 | - |
|
| 128 | - /** |
|
| 129 | - * @param LDAP $link |
|
| 130 | - * @param LDAP $result |
|
| 131 | - * @return mixed |
|
| 132 | - */ |
|
| 133 | - public function firstEntry($link, $result) { |
|
| 134 | - return $this->invokeLDAPMethod('first_entry', $link, $result); |
|
| 135 | - } |
|
| 136 | - |
|
| 137 | - /** |
|
| 138 | - * @param LDAP $link |
|
| 139 | - * @param LDAP $result |
|
| 140 | - * @return array|mixed |
|
| 141 | - */ |
|
| 142 | - public function getAttributes($link, $result) { |
|
| 143 | - return $this->invokeLDAPMethod('get_attributes', $link, $result); |
|
| 144 | - } |
|
| 145 | - |
|
| 146 | - /** |
|
| 147 | - * @param LDAP $link |
|
| 148 | - * @param LDAP $result |
|
| 149 | - * @return mixed|string |
|
| 150 | - */ |
|
| 151 | - public function getDN($link, $result) { |
|
| 152 | - return $this->invokeLDAPMethod('get_dn', $link, $result); |
|
| 153 | - } |
|
| 154 | - |
|
| 155 | - /** |
|
| 156 | - * @param LDAP $link |
|
| 157 | - * @param LDAP $result |
|
| 158 | - * @return array|mixed |
|
| 159 | - */ |
|
| 160 | - public function getEntries($link, $result) { |
|
| 161 | - return $this->invokeLDAPMethod('get_entries', $link, $result); |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - /** |
|
| 165 | - * @param LDAP $link |
|
| 166 | - * @param resource $result |
|
| 167 | - * @return mixed |
|
| 168 | - */ |
|
| 169 | - public function nextEntry($link, $result) { |
|
| 170 | - return $this->invokeLDAPMethod('next_entry', $link, $result); |
|
| 171 | - } |
|
| 172 | - |
|
| 173 | - /** |
|
| 174 | - * @param LDAP $link |
|
| 175 | - * @param string $baseDN |
|
| 176 | - * @param string $filter |
|
| 177 | - * @param array $attr |
|
| 178 | - * @return mixed |
|
| 179 | - */ |
|
| 180 | - public function read($link, $baseDN, $filter, $attr) { |
|
| 181 | - return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr); |
|
| 182 | - } |
|
| 183 | - |
|
| 184 | - /** |
|
| 185 | - * @param LDAP $link |
|
| 186 | - * @param string $baseDN |
|
| 187 | - * @param string $filter |
|
| 188 | - * @param array $attr |
|
| 189 | - * @param int $attrsOnly |
|
| 190 | - * @param int $limit |
|
| 191 | - * @return mixed |
|
| 192 | - * @throws \Exception |
|
| 193 | - */ |
|
| 194 | - public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) { |
|
| 195 | - $oldHandler = set_error_handler(function($no, $message, $file, $line) use (&$oldHandler) { |
|
| 196 | - if(strpos($message, 'Partial search results returned: Sizelimit exceeded') !== false) { |
|
| 197 | - return true; |
|
| 198 | - } |
|
| 199 | - $oldHandler($no, $message, $file, $line); |
|
| 200 | - return true; |
|
| 201 | - }); |
|
| 202 | - try { |
|
| 203 | - $result = $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit); |
|
| 204 | - restore_error_handler(); |
|
| 205 | - return $result; |
|
| 206 | - } catch (\Exception $e) { |
|
| 207 | - restore_error_handler(); |
|
| 208 | - throw $e; |
|
| 209 | - } |
|
| 210 | - } |
|
| 211 | - |
|
| 212 | - /** |
|
| 213 | - * @param LDAP $link |
|
| 214 | - * @param string $userDN |
|
| 215 | - * @param string $password |
|
| 216 | - * @return bool |
|
| 217 | - */ |
|
| 218 | - public function modReplace($link, $userDN, $password) { |
|
| 219 | - return $this->invokeLDAPMethod('mod_replace', $link, $userDN, array('userPassword' => $password)); |
|
| 220 | - } |
|
| 221 | - |
|
| 222 | - /** |
|
| 223 | - * @param LDAP $link |
|
| 224 | - * @param string $option |
|
| 225 | - * @param int $value |
|
| 226 | - * @return bool|mixed |
|
| 227 | - */ |
|
| 228 | - public function setOption($link, $option, $value) { |
|
| 229 | - return $this->invokeLDAPMethod('set_option', $link, $option, $value); |
|
| 230 | - } |
|
| 231 | - |
|
| 232 | - /** |
|
| 233 | - * @param LDAP $link |
|
| 234 | - * @return mixed|true |
|
| 235 | - */ |
|
| 236 | - public function startTls($link) { |
|
| 237 | - return $this->invokeLDAPMethod('start_tls', $link); |
|
| 238 | - } |
|
| 239 | - |
|
| 240 | - /** |
|
| 241 | - * @param resource $link |
|
| 242 | - * @return bool|mixed |
|
| 243 | - */ |
|
| 244 | - public function unbind($link) { |
|
| 245 | - return $this->invokeLDAPMethod('unbind', $link); |
|
| 246 | - } |
|
| 247 | - |
|
| 248 | - /** |
|
| 249 | - * Checks whether the server supports LDAP |
|
| 250 | - * @return boolean if it the case, false otherwise |
|
| 251 | - * */ |
|
| 252 | - public function areLDAPFunctionsAvailable() { |
|
| 253 | - return function_exists('ldap_connect'); |
|
| 254 | - } |
|
| 255 | - |
|
| 256 | - /** |
|
| 257 | - * Checks whether the submitted parameter is a resource |
|
| 258 | - * @param Resource $resource the resource variable to check |
|
| 259 | - * @return bool true if it is a resource, false otherwise |
|
| 260 | - */ |
|
| 261 | - public function isResource($resource) { |
|
| 262 | - return is_resource($resource); |
|
| 263 | - } |
|
| 264 | - |
|
| 265 | - /** |
|
| 266 | - * Checks whether the return value from LDAP is wrong or not. |
|
| 267 | - * |
|
| 268 | - * When using ldap_search we provide an array, in case multiple bases are |
|
| 269 | - * configured. Thus, we need to check the array elements. |
|
| 270 | - * |
|
| 271 | - * @param $result |
|
| 272 | - * @return bool |
|
| 273 | - */ |
|
| 274 | - protected function isResultFalse($result) { |
|
| 275 | - if($result === false) { |
|
| 276 | - return true; |
|
| 277 | - } |
|
| 278 | - |
|
| 279 | - if($this->curFunc === 'ldap_search' && is_array($result)) { |
|
| 280 | - foreach ($result as $singleResult) { |
|
| 281 | - if($singleResult === false) { |
|
| 282 | - return true; |
|
| 283 | - } |
|
| 284 | - } |
|
| 285 | - } |
|
| 286 | - |
|
| 287 | - return false; |
|
| 288 | - } |
|
| 289 | - |
|
| 290 | - /** |
|
| 291 | - * @return mixed |
|
| 292 | - */ |
|
| 293 | - protected function invokeLDAPMethod() { |
|
| 294 | - $arguments = func_get_args(); |
|
| 295 | - $func = 'ldap_' . array_shift($arguments); |
|
| 296 | - if(function_exists($func)) { |
|
| 297 | - $this->preFunctionCall($func, $arguments); |
|
| 298 | - $result = call_user_func_array($func, $arguments); |
|
| 299 | - if ($this->isResultFalse($result)) { |
|
| 300 | - $this->postFunctionCall(); |
|
| 301 | - } |
|
| 302 | - return $result; |
|
| 303 | - } |
|
| 304 | - return null; |
|
| 305 | - } |
|
| 306 | - |
|
| 307 | - /** |
|
| 308 | - * @param string $functionName |
|
| 309 | - * @param array $args |
|
| 310 | - */ |
|
| 311 | - private function preFunctionCall($functionName, $args) { |
|
| 312 | - $this->curFunc = $functionName; |
|
| 313 | - $this->curArgs = $args; |
|
| 314 | - } |
|
| 315 | - |
|
| 316 | - /** |
|
| 317 | - * Analyzes the returned LDAP error and acts accordingly if not 0 |
|
| 318 | - * |
|
| 319 | - * @param resource $resource the LDAP Connection resource |
|
| 320 | - * @throws ConstraintViolationException |
|
| 321 | - * @throws ServerNotAvailableException |
|
| 322 | - * @throws \Exception |
|
| 323 | - */ |
|
| 324 | - private function processLDAPError($resource) { |
|
| 325 | - $errorCode = ldap_errno($resource); |
|
| 326 | - if($errorCode === 0) { |
|
| 327 | - return; |
|
| 328 | - } |
|
| 329 | - $errorMsg = ldap_error($resource); |
|
| 330 | - |
|
| 331 | - if($this->curFunc === 'ldap_get_entries' |
|
| 332 | - && $errorCode === -4) { |
|
| 333 | - } else if ($errorCode === 32) { |
|
| 334 | - //for now |
|
| 335 | - } else if ($errorCode === 10) { |
|
| 336 | - //referrals, we switch them off, but then there is AD :) |
|
| 337 | - } else if ($errorCode === -1) { |
|
| 338 | - throw new ServerNotAvailableException('Lost connection to LDAP server.'); |
|
| 339 | - } else if ($errorCode === 52) { |
|
| 340 | - throw new ServerNotAvailableException('LDAP server is shutting down.'); |
|
| 341 | - } else if ($errorCode === 48) { |
|
| 342 | - throw new \Exception('LDAP authentication method rejected', $errorCode); |
|
| 343 | - } else if ($errorCode === 1) { |
|
| 344 | - throw new \Exception('LDAP Operations error', $errorCode); |
|
| 345 | - } else if ($errorCode === 19) { |
|
| 346 | - ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error); |
|
| 347 | - throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode); |
|
| 348 | - } else { |
|
| 349 | - \OC::$server->getLogger()->debug('LDAP error {message} ({code}) after calling {func}', [ |
|
| 350 | - 'app' => 'user_ldap', |
|
| 351 | - 'message' => $errorMsg, |
|
| 352 | - 'code' => $errorCode, |
|
| 353 | - 'func' => $this->curFunc, |
|
| 354 | - ]); |
|
| 355 | - } |
|
| 356 | - } |
|
| 357 | - |
|
| 358 | - /** |
|
| 359 | - * Called after an ldap method is run to act on LDAP error if necessary |
|
| 360 | - * @throw \Exception |
|
| 361 | - */ |
|
| 362 | - private function postFunctionCall() { |
|
| 363 | - if($this->isResource($this->curArgs[0])) { |
|
| 364 | - $resource = $this->curArgs[0]; |
|
| 365 | - } else if( |
|
| 366 | - $this->curFunc === 'ldap_search' |
|
| 367 | - && is_array($this->curArgs[0]) |
|
| 368 | - && $this->isResource($this->curArgs[0][0]) |
|
| 369 | - ) { |
|
| 370 | - // we use always the same LDAP connection resource, is enough to |
|
| 371 | - // take the first one. |
|
| 372 | - $resource = $this->curArgs[0][0]; |
|
| 373 | - } else { |
|
| 374 | - return; |
|
| 375 | - } |
|
| 376 | - |
|
| 377 | - $this->processLDAPError($resource); |
|
| 378 | - |
|
| 379 | - $this->curFunc = ''; |
|
| 380 | - $this->curArgs = []; |
|
| 381 | - } |
|
| 36 | + protected $curFunc = ''; |
|
| 37 | + protected $curArgs = array(); |
|
| 38 | + |
|
| 39 | + /** |
|
| 40 | + * @param resource $link |
|
| 41 | + * @param string $dn |
|
| 42 | + * @param string $password |
|
| 43 | + * @return bool|mixed |
|
| 44 | + */ |
|
| 45 | + public function bind($link, $dn, $password) { |
|
| 46 | + return $this->invokeLDAPMethod('bind', $link, $dn, $password); |
|
| 47 | + } |
|
| 48 | + |
|
| 49 | + /** |
|
| 50 | + * @param string $host |
|
| 51 | + * @param string $port |
|
| 52 | + * @return mixed |
|
| 53 | + */ |
|
| 54 | + public function connect($host, $port) { |
|
| 55 | + if(strpos($host, '://') === false) { |
|
| 56 | + $host = 'ldap://' . $host; |
|
| 57 | + } |
|
| 58 | + if(strpos($host, ':', strpos($host, '://') + 1) === false) { |
|
| 59 | + //ldap_connect ignores port parameter when URLs are passed |
|
| 60 | + $host .= ':' . $port; |
|
| 61 | + } |
|
| 62 | + return $this->invokeLDAPMethod('connect', $host); |
|
| 63 | + } |
|
| 64 | + |
|
| 65 | + /** |
|
| 66 | + * @param resource $link |
|
| 67 | + * @param resource $result |
|
| 68 | + * @param string $cookie |
|
| 69 | + * @return bool|LDAP |
|
| 70 | + */ |
|
| 71 | + public function controlPagedResultResponse($link, $result, &$cookie) { |
|
| 72 | + $this->preFunctionCall('ldap_control_paged_result_response', |
|
| 73 | + array($link, $result, $cookie)); |
|
| 74 | + $result = ldap_control_paged_result_response($link, $result, $cookie); |
|
| 75 | + $this->postFunctionCall(); |
|
| 76 | + |
|
| 77 | + return $result; |
|
| 78 | + } |
|
| 79 | + |
|
| 80 | + /** |
|
| 81 | + * @param LDAP $link |
|
| 82 | + * @param int $pageSize |
|
| 83 | + * @param bool $isCritical |
|
| 84 | + * @param string $cookie |
|
| 85 | + * @return mixed|true |
|
| 86 | + */ |
|
| 87 | + public function controlPagedResult($link, $pageSize, $isCritical, $cookie) { |
|
| 88 | + return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize, |
|
| 89 | + $isCritical, $cookie); |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + /** |
|
| 93 | + * @param LDAP $link |
|
| 94 | + * @param LDAP $result |
|
| 95 | + * @return mixed |
|
| 96 | + */ |
|
| 97 | + public function countEntries($link, $result) { |
|
| 98 | + return $this->invokeLDAPMethod('count_entries', $link, $result); |
|
| 99 | + } |
|
| 100 | + |
|
| 101 | + /** |
|
| 102 | + * @param LDAP $link |
|
| 103 | + * @return integer |
|
| 104 | + */ |
|
| 105 | + public function errno($link) { |
|
| 106 | + return $this->invokeLDAPMethod('errno', $link); |
|
| 107 | + } |
|
| 108 | + |
|
| 109 | + /** |
|
| 110 | + * @param LDAP $link |
|
| 111 | + * @return string |
|
| 112 | + */ |
|
| 113 | + public function error($link) { |
|
| 114 | + return $this->invokeLDAPMethod('error', $link); |
|
| 115 | + } |
|
| 116 | + |
|
| 117 | + /** |
|
| 118 | + * Splits DN into its component parts |
|
| 119 | + * @param string $dn |
|
| 120 | + * @param int @withAttrib |
|
| 121 | + * @return array|false |
|
| 122 | + * @link http://www.php.net/manual/en/function.ldap-explode-dn.php |
|
| 123 | + */ |
|
| 124 | + public function explodeDN($dn, $withAttrib) { |
|
| 125 | + return $this->invokeLDAPMethod('explode_dn', $dn, $withAttrib); |
|
| 126 | + } |
|
| 127 | + |
|
| 128 | + /** |
|
| 129 | + * @param LDAP $link |
|
| 130 | + * @param LDAP $result |
|
| 131 | + * @return mixed |
|
| 132 | + */ |
|
| 133 | + public function firstEntry($link, $result) { |
|
| 134 | + return $this->invokeLDAPMethod('first_entry', $link, $result); |
|
| 135 | + } |
|
| 136 | + |
|
| 137 | + /** |
|
| 138 | + * @param LDAP $link |
|
| 139 | + * @param LDAP $result |
|
| 140 | + * @return array|mixed |
|
| 141 | + */ |
|
| 142 | + public function getAttributes($link, $result) { |
|
| 143 | + return $this->invokeLDAPMethod('get_attributes', $link, $result); |
|
| 144 | + } |
|
| 145 | + |
|
| 146 | + /** |
|
| 147 | + * @param LDAP $link |
|
| 148 | + * @param LDAP $result |
|
| 149 | + * @return mixed|string |
|
| 150 | + */ |
|
| 151 | + public function getDN($link, $result) { |
|
| 152 | + return $this->invokeLDAPMethod('get_dn', $link, $result); |
|
| 153 | + } |
|
| 154 | + |
|
| 155 | + /** |
|
| 156 | + * @param LDAP $link |
|
| 157 | + * @param LDAP $result |
|
| 158 | + * @return array|mixed |
|
| 159 | + */ |
|
| 160 | + public function getEntries($link, $result) { |
|
| 161 | + return $this->invokeLDAPMethod('get_entries', $link, $result); |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + /** |
|
| 165 | + * @param LDAP $link |
|
| 166 | + * @param resource $result |
|
| 167 | + * @return mixed |
|
| 168 | + */ |
|
| 169 | + public function nextEntry($link, $result) { |
|
| 170 | + return $this->invokeLDAPMethod('next_entry', $link, $result); |
|
| 171 | + } |
|
| 172 | + |
|
| 173 | + /** |
|
| 174 | + * @param LDAP $link |
|
| 175 | + * @param string $baseDN |
|
| 176 | + * @param string $filter |
|
| 177 | + * @param array $attr |
|
| 178 | + * @return mixed |
|
| 179 | + */ |
|
| 180 | + public function read($link, $baseDN, $filter, $attr) { |
|
| 181 | + return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr); |
|
| 182 | + } |
|
| 183 | + |
|
| 184 | + /** |
|
| 185 | + * @param LDAP $link |
|
| 186 | + * @param string $baseDN |
|
| 187 | + * @param string $filter |
|
| 188 | + * @param array $attr |
|
| 189 | + * @param int $attrsOnly |
|
| 190 | + * @param int $limit |
|
| 191 | + * @return mixed |
|
| 192 | + * @throws \Exception |
|
| 193 | + */ |
|
| 194 | + public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) { |
|
| 195 | + $oldHandler = set_error_handler(function($no, $message, $file, $line) use (&$oldHandler) { |
|
| 196 | + if(strpos($message, 'Partial search results returned: Sizelimit exceeded') !== false) { |
|
| 197 | + return true; |
|
| 198 | + } |
|
| 199 | + $oldHandler($no, $message, $file, $line); |
|
| 200 | + return true; |
|
| 201 | + }); |
|
| 202 | + try { |
|
| 203 | + $result = $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit); |
|
| 204 | + restore_error_handler(); |
|
| 205 | + return $result; |
|
| 206 | + } catch (\Exception $e) { |
|
| 207 | + restore_error_handler(); |
|
| 208 | + throw $e; |
|
| 209 | + } |
|
| 210 | + } |
|
| 211 | + |
|
| 212 | + /** |
|
| 213 | + * @param LDAP $link |
|
| 214 | + * @param string $userDN |
|
| 215 | + * @param string $password |
|
| 216 | + * @return bool |
|
| 217 | + */ |
|
| 218 | + public function modReplace($link, $userDN, $password) { |
|
| 219 | + return $this->invokeLDAPMethod('mod_replace', $link, $userDN, array('userPassword' => $password)); |
|
| 220 | + } |
|
| 221 | + |
|
| 222 | + /** |
|
| 223 | + * @param LDAP $link |
|
| 224 | + * @param string $option |
|
| 225 | + * @param int $value |
|
| 226 | + * @return bool|mixed |
|
| 227 | + */ |
|
| 228 | + public function setOption($link, $option, $value) { |
|
| 229 | + return $this->invokeLDAPMethod('set_option', $link, $option, $value); |
|
| 230 | + } |
|
| 231 | + |
|
| 232 | + /** |
|
| 233 | + * @param LDAP $link |
|
| 234 | + * @return mixed|true |
|
| 235 | + */ |
|
| 236 | + public function startTls($link) { |
|
| 237 | + return $this->invokeLDAPMethod('start_tls', $link); |
|
| 238 | + } |
|
| 239 | + |
|
| 240 | + /** |
|
| 241 | + * @param resource $link |
|
| 242 | + * @return bool|mixed |
|
| 243 | + */ |
|
| 244 | + public function unbind($link) { |
|
| 245 | + return $this->invokeLDAPMethod('unbind', $link); |
|
| 246 | + } |
|
| 247 | + |
|
| 248 | + /** |
|
| 249 | + * Checks whether the server supports LDAP |
|
| 250 | + * @return boolean if it the case, false otherwise |
|
| 251 | + * */ |
|
| 252 | + public function areLDAPFunctionsAvailable() { |
|
| 253 | + return function_exists('ldap_connect'); |
|
| 254 | + } |
|
| 255 | + |
|
| 256 | + /** |
|
| 257 | + * Checks whether the submitted parameter is a resource |
|
| 258 | + * @param Resource $resource the resource variable to check |
|
| 259 | + * @return bool true if it is a resource, false otherwise |
|
| 260 | + */ |
|
| 261 | + public function isResource($resource) { |
|
| 262 | + return is_resource($resource); |
|
| 263 | + } |
|
| 264 | + |
|
| 265 | + /** |
|
| 266 | + * Checks whether the return value from LDAP is wrong or not. |
|
| 267 | + * |
|
| 268 | + * When using ldap_search we provide an array, in case multiple bases are |
|
| 269 | + * configured. Thus, we need to check the array elements. |
|
| 270 | + * |
|
| 271 | + * @param $result |
|
| 272 | + * @return bool |
|
| 273 | + */ |
|
| 274 | + protected function isResultFalse($result) { |
|
| 275 | + if($result === false) { |
|
| 276 | + return true; |
|
| 277 | + } |
|
| 278 | + |
|
| 279 | + if($this->curFunc === 'ldap_search' && is_array($result)) { |
|
| 280 | + foreach ($result as $singleResult) { |
|
| 281 | + if($singleResult === false) { |
|
| 282 | + return true; |
|
| 283 | + } |
|
| 284 | + } |
|
| 285 | + } |
|
| 286 | + |
|
| 287 | + return false; |
|
| 288 | + } |
|
| 289 | + |
|
| 290 | + /** |
|
| 291 | + * @return mixed |
|
| 292 | + */ |
|
| 293 | + protected function invokeLDAPMethod() { |
|
| 294 | + $arguments = func_get_args(); |
|
| 295 | + $func = 'ldap_' . array_shift($arguments); |
|
| 296 | + if(function_exists($func)) { |
|
| 297 | + $this->preFunctionCall($func, $arguments); |
|
| 298 | + $result = call_user_func_array($func, $arguments); |
|
| 299 | + if ($this->isResultFalse($result)) { |
|
| 300 | + $this->postFunctionCall(); |
|
| 301 | + } |
|
| 302 | + return $result; |
|
| 303 | + } |
|
| 304 | + return null; |
|
| 305 | + } |
|
| 306 | + |
|
| 307 | + /** |
|
| 308 | + * @param string $functionName |
|
| 309 | + * @param array $args |
|
| 310 | + */ |
|
| 311 | + private function preFunctionCall($functionName, $args) { |
|
| 312 | + $this->curFunc = $functionName; |
|
| 313 | + $this->curArgs = $args; |
|
| 314 | + } |
|
| 315 | + |
|
| 316 | + /** |
|
| 317 | + * Analyzes the returned LDAP error and acts accordingly if not 0 |
|
| 318 | + * |
|
| 319 | + * @param resource $resource the LDAP Connection resource |
|
| 320 | + * @throws ConstraintViolationException |
|
| 321 | + * @throws ServerNotAvailableException |
|
| 322 | + * @throws \Exception |
|
| 323 | + */ |
|
| 324 | + private function processLDAPError($resource) { |
|
| 325 | + $errorCode = ldap_errno($resource); |
|
| 326 | + if($errorCode === 0) { |
|
| 327 | + return; |
|
| 328 | + } |
|
| 329 | + $errorMsg = ldap_error($resource); |
|
| 330 | + |
|
| 331 | + if($this->curFunc === 'ldap_get_entries' |
|
| 332 | + && $errorCode === -4) { |
|
| 333 | + } else if ($errorCode === 32) { |
|
| 334 | + //for now |
|
| 335 | + } else if ($errorCode === 10) { |
|
| 336 | + //referrals, we switch them off, but then there is AD :) |
|
| 337 | + } else if ($errorCode === -1) { |
|
| 338 | + throw new ServerNotAvailableException('Lost connection to LDAP server.'); |
|
| 339 | + } else if ($errorCode === 52) { |
|
| 340 | + throw new ServerNotAvailableException('LDAP server is shutting down.'); |
|
| 341 | + } else if ($errorCode === 48) { |
|
| 342 | + throw new \Exception('LDAP authentication method rejected', $errorCode); |
|
| 343 | + } else if ($errorCode === 1) { |
|
| 344 | + throw new \Exception('LDAP Operations error', $errorCode); |
|
| 345 | + } else if ($errorCode === 19) { |
|
| 346 | + ldap_get_option($this->curArgs[0], LDAP_OPT_ERROR_STRING, $extended_error); |
|
| 347 | + throw new ConstraintViolationException(!empty($extended_error)?$extended_error:$errorMsg, $errorCode); |
|
| 348 | + } else { |
|
| 349 | + \OC::$server->getLogger()->debug('LDAP error {message} ({code}) after calling {func}', [ |
|
| 350 | + 'app' => 'user_ldap', |
|
| 351 | + 'message' => $errorMsg, |
|
| 352 | + 'code' => $errorCode, |
|
| 353 | + 'func' => $this->curFunc, |
|
| 354 | + ]); |
|
| 355 | + } |
|
| 356 | + } |
|
| 357 | + |
|
| 358 | + /** |
|
| 359 | + * Called after an ldap method is run to act on LDAP error if necessary |
|
| 360 | + * @throw \Exception |
|
| 361 | + */ |
|
| 362 | + private function postFunctionCall() { |
|
| 363 | + if($this->isResource($this->curArgs[0])) { |
|
| 364 | + $resource = $this->curArgs[0]; |
|
| 365 | + } else if( |
|
| 366 | + $this->curFunc === 'ldap_search' |
|
| 367 | + && is_array($this->curArgs[0]) |
|
| 368 | + && $this->isResource($this->curArgs[0][0]) |
|
| 369 | + ) { |
|
| 370 | + // we use always the same LDAP connection resource, is enough to |
|
| 371 | + // take the first one. |
|
| 372 | + $resource = $this->curArgs[0][0]; |
|
| 373 | + } else { |
|
| 374 | + return; |
|
| 375 | + } |
|
| 376 | + |
|
| 377 | + $this->processLDAPError($resource); |
|
| 378 | + |
|
| 379 | + $this->curFunc = ''; |
|
| 380 | + $this->curArgs = []; |
|
| 381 | + } |
|
| 382 | 382 | } |
