nextcloud /
server
@@ -41,269 +41,269 @@ |
||
| 41 | 41 | |
| 42 | 42 | class Helper { |
| 43 | 43 | |
| 44 | - /** @var IConfig */ |
|
| 45 | - private $config; |
|
| 46 | - |
|
| 47 | - /** @var IDBConnection */ |
|
| 48 | - private $connection; |
|
| 49 | - |
|
| 50 | - /** @var CappedMemoryCache */ |
|
| 51 | - protected $sanitizeDnCache; |
|
| 52 | - |
|
| 53 | - public function __construct(IConfig $config, |
|
| 54 | - IDBConnection $connection) { |
|
| 55 | - $this->config = $config; |
|
| 56 | - $this->connection = $connection; |
|
| 57 | - $this->sanitizeDnCache = new CappedMemoryCache(10000); |
|
| 58 | - } |
|
| 59 | - |
|
| 60 | - /** |
|
| 61 | - * returns prefixes for each saved LDAP/AD server configuration. |
|
| 62 | - * |
|
| 63 | - * @param bool $activeConfigurations optional, whether only active configuration shall be |
|
| 64 | - * retrieved, defaults to false |
|
| 65 | - * @return array with a list of the available prefixes |
|
| 66 | - * |
|
| 67 | - * Configuration prefixes are used to set up configurations for n LDAP or |
|
| 68 | - * AD servers. Since configuration is stored in the database, table |
|
| 69 | - * appconfig under appid user_ldap, the common identifiers in column |
|
| 70 | - * 'configkey' have a prefix. The prefix for the very first server |
|
| 71 | - * configuration is empty. |
|
| 72 | - * Configkey Examples: |
|
| 73 | - * Server 1: ldap_login_filter |
|
| 74 | - * Server 2: s1_ldap_login_filter |
|
| 75 | - * Server 3: s2_ldap_login_filter |
|
| 76 | - * |
|
| 77 | - * The prefix needs to be passed to the constructor of Connection class, |
|
| 78 | - * except the default (first) server shall be connected to. |
|
| 79 | - * |
|
| 80 | - */ |
|
| 81 | - public function getServerConfigurationPrefixes($activeConfigurations = false): array { |
|
| 82 | - $referenceConfigkey = 'ldap_configuration_active'; |
|
| 83 | - |
|
| 84 | - $keys = $this->getServersConfig($referenceConfigkey); |
|
| 85 | - |
|
| 86 | - $prefixes = []; |
|
| 87 | - foreach ($keys as $key) { |
|
| 88 | - if ($activeConfigurations && $this->config->getAppValue('user_ldap', $key, '0') !== '1') { |
|
| 89 | - continue; |
|
| 90 | - } |
|
| 91 | - |
|
| 92 | - $len = strlen($key) - strlen($referenceConfigkey); |
|
| 93 | - $prefixes[] = substr($key, 0, $len); |
|
| 94 | - } |
|
| 95 | - asort($prefixes); |
|
| 96 | - |
|
| 97 | - return $prefixes; |
|
| 98 | - } |
|
| 99 | - |
|
| 100 | - /** |
|
| 101 | - * |
|
| 102 | - * determines the host for every configured connection |
|
| 103 | - * |
|
| 104 | - * @return array an array with configprefix as keys |
|
| 105 | - * |
|
| 106 | - */ |
|
| 107 | - public function getServerConfigurationHosts() { |
|
| 108 | - $referenceConfigkey = 'ldap_host'; |
|
| 109 | - |
|
| 110 | - $keys = $this->getServersConfig($referenceConfigkey); |
|
| 111 | - |
|
| 112 | - $result = []; |
|
| 113 | - foreach ($keys as $key) { |
|
| 114 | - $len = strlen($key) - strlen($referenceConfigkey); |
|
| 115 | - $prefix = substr($key, 0, $len); |
|
| 116 | - $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
|
| 117 | - } |
|
| 118 | - |
|
| 119 | - return $result; |
|
| 120 | - } |
|
| 121 | - |
|
| 122 | - /** |
|
| 123 | - * return the next available configuration prefix |
|
| 124 | - * |
|
| 125 | - * @return string |
|
| 126 | - */ |
|
| 127 | - public function getNextServerConfigurationPrefix() { |
|
| 128 | - $serverConnections = $this->getServerConfigurationPrefixes(); |
|
| 129 | - |
|
| 130 | - if (count($serverConnections) === 0) { |
|
| 131 | - return 's01'; |
|
| 132 | - } |
|
| 133 | - |
|
| 134 | - sort($serverConnections); |
|
| 135 | - $lastKey = array_pop($serverConnections); |
|
| 136 | - $lastNumber = (int)str_replace('s', '', $lastKey); |
|
| 137 | - return 's' . str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
| 138 | - } |
|
| 139 | - |
|
| 140 | - private function getServersConfig($value) { |
|
| 141 | - $regex = '/' . $value . '$/S'; |
|
| 142 | - |
|
| 143 | - $keys = $this->config->getAppKeys('user_ldap'); |
|
| 144 | - $result = []; |
|
| 145 | - foreach ($keys as $key) { |
|
| 146 | - if (preg_match($regex, $key) === 1) { |
|
| 147 | - $result[] = $key; |
|
| 148 | - } |
|
| 149 | - } |
|
| 150 | - |
|
| 151 | - return $result; |
|
| 152 | - } |
|
| 153 | - |
|
| 154 | - /** |
|
| 155 | - * deletes a given saved LDAP/AD server configuration. |
|
| 156 | - * |
|
| 157 | - * @param string $prefix the configuration prefix of the config to delete |
|
| 158 | - * @return bool true on success, false otherwise |
|
| 159 | - */ |
|
| 160 | - public function deleteServerConfiguration($prefix) { |
|
| 161 | - if (!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
| 162 | - return false; |
|
| 163 | - } |
|
| 164 | - |
|
| 165 | - $query = $this->connection->getQueryBuilder(); |
|
| 166 | - $query->delete('appconfig') |
|
| 167 | - ->where($query->expr()->eq('appid', $query->createNamedParameter('user_ldap'))) |
|
| 168 | - ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string)$prefix . '%'))) |
|
| 169 | - ->andWhere($query->expr()->notIn('configkey', $query->createNamedParameter([ |
|
| 170 | - 'enabled', |
|
| 171 | - 'installed_version', |
|
| 172 | - 'types', |
|
| 173 | - 'bgjUpdateGroupsLastRun', |
|
| 174 | - ], IQueryBuilder::PARAM_STR_ARRAY))); |
|
| 175 | - |
|
| 176 | - if (empty($prefix)) { |
|
| 177 | - $query->andWhere($query->expr()->notLike('configkey', $query->createNamedParameter('s%'))); |
|
| 178 | - } |
|
| 179 | - |
|
| 180 | - $deletedRows = $query->execute(); |
|
| 181 | - return $deletedRows !== 0; |
|
| 182 | - } |
|
| 183 | - |
|
| 184 | - /** |
|
| 185 | - * checks whether there is one or more disabled LDAP configurations |
|
| 186 | - */ |
|
| 187 | - public function haveDisabledConfigurations(): bool { |
|
| 188 | - $all = $this->getServerConfigurationPrefixes(false); |
|
| 189 | - $active = $this->getServerConfigurationPrefixes(true); |
|
| 190 | - |
|
| 191 | - return count($all) !== count($active) || count($all) === 0; |
|
| 192 | - } |
|
| 193 | - |
|
| 194 | - /** |
|
| 195 | - * extracts the domain from a given URL |
|
| 196 | - * |
|
| 197 | - * @param string $url the URL |
|
| 198 | - * @return string|false domain as string on success, false otherwise |
|
| 199 | - */ |
|
| 200 | - public function getDomainFromURL($url) { |
|
| 201 | - $uinfo = parse_url($url); |
|
| 202 | - if (!is_array($uinfo)) { |
|
| 203 | - return false; |
|
| 204 | - } |
|
| 205 | - |
|
| 206 | - $domain = false; |
|
| 207 | - if (isset($uinfo['host'])) { |
|
| 208 | - $domain = $uinfo['host']; |
|
| 209 | - } elseif (isset($uinfo['path'])) { |
|
| 210 | - $domain = $uinfo['path']; |
|
| 211 | - } |
|
| 212 | - |
|
| 213 | - return $domain; |
|
| 214 | - } |
|
| 215 | - |
|
| 216 | - /** |
|
| 217 | - * |
|
| 218 | - * Set the LDAPProvider in the config |
|
| 219 | - * |
|
| 220 | - */ |
|
| 221 | - public function setLDAPProvider() { |
|
| 222 | - $current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null); |
|
| 223 | - if (is_null($current)) { |
|
| 224 | - \OC::$server->getConfig()->setSystemValue('ldapProviderFactory', LDAPProviderFactory::class); |
|
| 225 | - } |
|
| 226 | - } |
|
| 227 | - |
|
| 228 | - /** |
|
| 229 | - * sanitizes a DN received from the LDAP server |
|
| 230 | - * |
|
| 231 | - * @param array $dn the DN in question |
|
| 232 | - * @return array|string the sanitized DN |
|
| 233 | - */ |
|
| 234 | - public function sanitizeDN($dn) { |
|
| 235 | - //treating multiple base DNs |
|
| 236 | - if (is_array($dn)) { |
|
| 237 | - $result = []; |
|
| 238 | - foreach ($dn as $singleDN) { |
|
| 239 | - $result[] = $this->sanitizeDN($singleDN); |
|
| 240 | - } |
|
| 241 | - return $result; |
|
| 242 | - } |
|
| 243 | - |
|
| 244 | - if (!is_string($dn)) { |
|
| 245 | - throw new \LogicException('String expected ' . \gettype($dn) . ' given'); |
|
| 246 | - } |
|
| 247 | - |
|
| 248 | - if (($sanitizedDn = $this->sanitizeDnCache->get($dn)) !== null) { |
|
| 249 | - return $sanitizedDn; |
|
| 250 | - } |
|
| 251 | - |
|
| 252 | - //OID sometimes gives back DNs with whitespace after the comma |
|
| 253 | - // a la "uid=foo, cn=bar, dn=..." We need to tackle this! |
|
| 254 | - $sanitizedDn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); |
|
| 255 | - |
|
| 256 | - //make comparisons and everything work |
|
| 257 | - $sanitizedDn = mb_strtolower($sanitizedDn, 'UTF-8'); |
|
| 258 | - |
|
| 259 | - //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn |
|
| 260 | - //to use the DN in search filters, \ needs to be escaped to \5c additionally |
|
| 261 | - //to use them in bases, we convert them back to simple backslashes in readAttribute() |
|
| 262 | - $replacements = [ |
|
| 263 | - '\,' => '\5c2C', |
|
| 264 | - '\=' => '\5c3D', |
|
| 265 | - '\+' => '\5c2B', |
|
| 266 | - '\<' => '\5c3C', |
|
| 267 | - '\>' => '\5c3E', |
|
| 268 | - '\;' => '\5c3B', |
|
| 269 | - '\"' => '\5c22', |
|
| 270 | - '\#' => '\5c23', |
|
| 271 | - '(' => '\28', |
|
| 272 | - ')' => '\29', |
|
| 273 | - '*' => '\2A', |
|
| 274 | - ]; |
|
| 275 | - $sanitizedDn = str_replace(array_keys($replacements), array_values($replacements), $sanitizedDn); |
|
| 276 | - $this->sanitizeDnCache->set($dn, $sanitizedDn); |
|
| 277 | - |
|
| 278 | - return $sanitizedDn; |
|
| 279 | - } |
|
| 280 | - |
|
| 281 | - /** |
|
| 282 | - * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters |
|
| 283 | - * |
|
| 284 | - * @param string $dn the DN |
|
| 285 | - * @return string |
|
| 286 | - */ |
|
| 287 | - public function DNasBaseParameter($dn) { |
|
| 288 | - return str_ireplace('\\5c', '\\', $dn); |
|
| 289 | - } |
|
| 290 | - |
|
| 291 | - /** |
|
| 292 | - * listens to a hook thrown by server2server sharing and replaces the given |
|
| 293 | - * login name by a username, if it matches an LDAP user. |
|
| 294 | - * |
|
| 295 | - * @param array $param |
|
| 296 | - * @throws \Exception |
|
| 297 | - */ |
|
| 298 | - public static function loginName2UserName($param) { |
|
| 299 | - if (!isset($param['uid'])) { |
|
| 300 | - throw new \Exception('key uid is expected to be set in $param'); |
|
| 301 | - } |
|
| 302 | - |
|
| 303 | - $userBackend = \OC::$server->get(User_Proxy::class); |
|
| 304 | - $uid = $userBackend->loginName2UserName($param['uid']); |
|
| 305 | - if ($uid !== false) { |
|
| 306 | - $param['uid'] = $uid; |
|
| 307 | - } |
|
| 308 | - } |
|
| 44 | + /** @var IConfig */ |
|
| 45 | + private $config; |
|
| 46 | + |
|
| 47 | + /** @var IDBConnection */ |
|
| 48 | + private $connection; |
|
| 49 | + |
|
| 50 | + /** @var CappedMemoryCache */ |
|
| 51 | + protected $sanitizeDnCache; |
|
| 52 | + |
|
| 53 | + public function __construct(IConfig $config, |
|
| 54 | + IDBConnection $connection) { |
|
| 55 | + $this->config = $config; |
|
| 56 | + $this->connection = $connection; |
|
| 57 | + $this->sanitizeDnCache = new CappedMemoryCache(10000); |
|
| 58 | + } |
|
| 59 | + |
|
| 60 | + /** |
|
| 61 | + * returns prefixes for each saved LDAP/AD server configuration. |
|
| 62 | + * |
|
| 63 | + * @param bool $activeConfigurations optional, whether only active configuration shall be |
|
| 64 | + * retrieved, defaults to false |
|
| 65 | + * @return array with a list of the available prefixes |
|
| 66 | + * |
|
| 67 | + * Configuration prefixes are used to set up configurations for n LDAP or |
|
| 68 | + * AD servers. Since configuration is stored in the database, table |
|
| 69 | + * appconfig under appid user_ldap, the common identifiers in column |
|
| 70 | + * 'configkey' have a prefix. The prefix for the very first server |
|
| 71 | + * configuration is empty. |
|
| 72 | + * Configkey Examples: |
|
| 73 | + * Server 1: ldap_login_filter |
|
| 74 | + * Server 2: s1_ldap_login_filter |
|
| 75 | + * Server 3: s2_ldap_login_filter |
|
| 76 | + * |
|
| 77 | + * The prefix needs to be passed to the constructor of Connection class, |
|
| 78 | + * except the default (first) server shall be connected to. |
|
| 79 | + * |
|
| 80 | + */ |
|
| 81 | + public function getServerConfigurationPrefixes($activeConfigurations = false): array { |
|
| 82 | + $referenceConfigkey = 'ldap_configuration_active'; |
|
| 83 | + |
|
| 84 | + $keys = $this->getServersConfig($referenceConfigkey); |
|
| 85 | + |
|
| 86 | + $prefixes = []; |
|
| 87 | + foreach ($keys as $key) { |
|
| 88 | + if ($activeConfigurations && $this->config->getAppValue('user_ldap', $key, '0') !== '1') { |
|
| 89 | + continue; |
|
| 90 | + } |
|
| 91 | + |
|
| 92 | + $len = strlen($key) - strlen($referenceConfigkey); |
|
| 93 | + $prefixes[] = substr($key, 0, $len); |
|
| 94 | + } |
|
| 95 | + asort($prefixes); |
|
| 96 | + |
|
| 97 | + return $prefixes; |
|
| 98 | + } |
|
| 99 | + |
|
| 100 | + /** |
|
| 101 | + * |
|
| 102 | + * determines the host for every configured connection |
|
| 103 | + * |
|
| 104 | + * @return array an array with configprefix as keys |
|
| 105 | + * |
|
| 106 | + */ |
|
| 107 | + public function getServerConfigurationHosts() { |
|
| 108 | + $referenceConfigkey = 'ldap_host'; |
|
| 109 | + |
|
| 110 | + $keys = $this->getServersConfig($referenceConfigkey); |
|
| 111 | + |
|
| 112 | + $result = []; |
|
| 113 | + foreach ($keys as $key) { |
|
| 114 | + $len = strlen($key) - strlen($referenceConfigkey); |
|
| 115 | + $prefix = substr($key, 0, $len); |
|
| 116 | + $result[$prefix] = $this->config->getAppValue('user_ldap', $key); |
|
| 117 | + } |
|
| 118 | + |
|
| 119 | + return $result; |
|
| 120 | + } |
|
| 121 | + |
|
| 122 | + /** |
|
| 123 | + * return the next available configuration prefix |
|
| 124 | + * |
|
| 125 | + * @return string |
|
| 126 | + */ |
|
| 127 | + public function getNextServerConfigurationPrefix() { |
|
| 128 | + $serverConnections = $this->getServerConfigurationPrefixes(); |
|
| 129 | + |
|
| 130 | + if (count($serverConnections) === 0) { |
|
| 131 | + return 's01'; |
|
| 132 | + } |
|
| 133 | + |
|
| 134 | + sort($serverConnections); |
|
| 135 | + $lastKey = array_pop($serverConnections); |
|
| 136 | + $lastNumber = (int)str_replace('s', '', $lastKey); |
|
| 137 | + return 's' . str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
| 138 | + } |
|
| 139 | + |
|
| 140 | + private function getServersConfig($value) { |
|
| 141 | + $regex = '/' . $value . '$/S'; |
|
| 142 | + |
|
| 143 | + $keys = $this->config->getAppKeys('user_ldap'); |
|
| 144 | + $result = []; |
|
| 145 | + foreach ($keys as $key) { |
|
| 146 | + if (preg_match($regex, $key) === 1) { |
|
| 147 | + $result[] = $key; |
|
| 148 | + } |
|
| 149 | + } |
|
| 150 | + |
|
| 151 | + return $result; |
|
| 152 | + } |
|
| 153 | + |
|
| 154 | + /** |
|
| 155 | + * deletes a given saved LDAP/AD server configuration. |
|
| 156 | + * |
|
| 157 | + * @param string $prefix the configuration prefix of the config to delete |
|
| 158 | + * @return bool true on success, false otherwise |
|
| 159 | + */ |
|
| 160 | + public function deleteServerConfiguration($prefix) { |
|
| 161 | + if (!in_array($prefix, self::getServerConfigurationPrefixes())) { |
|
| 162 | + return false; |
|
| 163 | + } |
|
| 164 | + |
|
| 165 | + $query = $this->connection->getQueryBuilder(); |
|
| 166 | + $query->delete('appconfig') |
|
| 167 | + ->where($query->expr()->eq('appid', $query->createNamedParameter('user_ldap'))) |
|
| 168 | + ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string)$prefix . '%'))) |
|
| 169 | + ->andWhere($query->expr()->notIn('configkey', $query->createNamedParameter([ |
|
| 170 | + 'enabled', |
|
| 171 | + 'installed_version', |
|
| 172 | + 'types', |
|
| 173 | + 'bgjUpdateGroupsLastRun', |
|
| 174 | + ], IQueryBuilder::PARAM_STR_ARRAY))); |
|
| 175 | + |
|
| 176 | + if (empty($prefix)) { |
|
| 177 | + $query->andWhere($query->expr()->notLike('configkey', $query->createNamedParameter('s%'))); |
|
| 178 | + } |
|
| 179 | + |
|
| 180 | + $deletedRows = $query->execute(); |
|
| 181 | + return $deletedRows !== 0; |
|
| 182 | + } |
|
| 183 | + |
|
| 184 | + /** |
|
| 185 | + * checks whether there is one or more disabled LDAP configurations |
|
| 186 | + */ |
|
| 187 | + public function haveDisabledConfigurations(): bool { |
|
| 188 | + $all = $this->getServerConfigurationPrefixes(false); |
|
| 189 | + $active = $this->getServerConfigurationPrefixes(true); |
|
| 190 | + |
|
| 191 | + return count($all) !== count($active) || count($all) === 0; |
|
| 192 | + } |
|
| 193 | + |
|
| 194 | + /** |
|
| 195 | + * extracts the domain from a given URL |
|
| 196 | + * |
|
| 197 | + * @param string $url the URL |
|
| 198 | + * @return string|false domain as string on success, false otherwise |
|
| 199 | + */ |
|
| 200 | + public function getDomainFromURL($url) { |
|
| 201 | + $uinfo = parse_url($url); |
|
| 202 | + if (!is_array($uinfo)) { |
|
| 203 | + return false; |
|
| 204 | + } |
|
| 205 | + |
|
| 206 | + $domain = false; |
|
| 207 | + if (isset($uinfo['host'])) { |
|
| 208 | + $domain = $uinfo['host']; |
|
| 209 | + } elseif (isset($uinfo['path'])) { |
|
| 210 | + $domain = $uinfo['path']; |
|
| 211 | + } |
|
| 212 | + |
|
| 213 | + return $domain; |
|
| 214 | + } |
|
| 215 | + |
|
| 216 | + /** |
|
| 217 | + * |
|
| 218 | + * Set the LDAPProvider in the config |
|
| 219 | + * |
|
| 220 | + */ |
|
| 221 | + public function setLDAPProvider() { |
|
| 222 | + $current = \OC::$server->getConfig()->getSystemValue('ldapProviderFactory', null); |
|
| 223 | + if (is_null($current)) { |
|
| 224 | + \OC::$server->getConfig()->setSystemValue('ldapProviderFactory', LDAPProviderFactory::class); |
|
| 225 | + } |
|
| 226 | + } |
|
| 227 | + |
|
| 228 | + /** |
|
| 229 | + * sanitizes a DN received from the LDAP server |
|
| 230 | + * |
|
| 231 | + * @param array $dn the DN in question |
|
| 232 | + * @return array|string the sanitized DN |
|
| 233 | + */ |
|
| 234 | + public function sanitizeDN($dn) { |
|
| 235 | + //treating multiple base DNs |
|
| 236 | + if (is_array($dn)) { |
|
| 237 | + $result = []; |
|
| 238 | + foreach ($dn as $singleDN) { |
|
| 239 | + $result[] = $this->sanitizeDN($singleDN); |
|
| 240 | + } |
|
| 241 | + return $result; |
|
| 242 | + } |
|
| 243 | + |
|
| 244 | + if (!is_string($dn)) { |
|
| 245 | + throw new \LogicException('String expected ' . \gettype($dn) . ' given'); |
|
| 246 | + } |
|
| 247 | + |
|
| 248 | + if (($sanitizedDn = $this->sanitizeDnCache->get($dn)) !== null) { |
|
| 249 | + return $sanitizedDn; |
|
| 250 | + } |
|
| 251 | + |
|
| 252 | + //OID sometimes gives back DNs with whitespace after the comma |
|
| 253 | + // a la "uid=foo, cn=bar, dn=..." We need to tackle this! |
|
| 254 | + $sanitizedDn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn); |
|
| 255 | + |
|
| 256 | + //make comparisons and everything work |
|
| 257 | + $sanitizedDn = mb_strtolower($sanitizedDn, 'UTF-8'); |
|
| 258 | + |
|
| 259 | + //escape DN values according to RFC 2253 – this is already done by ldap_explode_dn |
|
| 260 | + //to use the DN in search filters, \ needs to be escaped to \5c additionally |
|
| 261 | + //to use them in bases, we convert them back to simple backslashes in readAttribute() |
|
| 262 | + $replacements = [ |
|
| 263 | + '\,' => '\5c2C', |
|
| 264 | + '\=' => '\5c3D', |
|
| 265 | + '\+' => '\5c2B', |
|
| 266 | + '\<' => '\5c3C', |
|
| 267 | + '\>' => '\5c3E', |
|
| 268 | + '\;' => '\5c3B', |
|
| 269 | + '\"' => '\5c22', |
|
| 270 | + '\#' => '\5c23', |
|
| 271 | + '(' => '\28', |
|
| 272 | + ')' => '\29', |
|
| 273 | + '*' => '\2A', |
|
| 274 | + ]; |
|
| 275 | + $sanitizedDn = str_replace(array_keys($replacements), array_values($replacements), $sanitizedDn); |
|
| 276 | + $this->sanitizeDnCache->set($dn, $sanitizedDn); |
|
| 277 | + |
|
| 278 | + return $sanitizedDn; |
|
| 279 | + } |
|
| 280 | + |
|
| 281 | + /** |
|
| 282 | + * converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters |
|
| 283 | + * |
|
| 284 | + * @param string $dn the DN |
|
| 285 | + * @return string |
|
| 286 | + */ |
|
| 287 | + public function DNasBaseParameter($dn) { |
|
| 288 | + return str_ireplace('\\5c', '\\', $dn); |
|
| 289 | + } |
|
| 290 | + |
|
| 291 | + /** |
|
| 292 | + * listens to a hook thrown by server2server sharing and replaces the given |
|
| 293 | + * login name by a username, if it matches an LDAP user. |
|
| 294 | + * |
|
| 295 | + * @param array $param |
|
| 296 | + * @throws \Exception |
|
| 297 | + */ |
|
| 298 | + public static function loginName2UserName($param) { |
|
| 299 | + if (!isset($param['uid'])) { |
|
| 300 | + throw new \Exception('key uid is expected to be set in $param'); |
|
| 301 | + } |
|
| 302 | + |
|
| 303 | + $userBackend = \OC::$server->get(User_Proxy::class); |
|
| 304 | + $uid = $userBackend->loginName2UserName($param['uid']); |
|
| 305 | + if ($uid !== false) { |
|
| 306 | + $param['uid'] = $uid; |
|
| 307 | + } |
|
| 308 | + } |
|
| 309 | 309 | } |
@@ -133,12 +133,12 @@ discard block |
||
| 133 | 133 | |
| 134 | 134 | sort($serverConnections); |
| 135 | 135 | $lastKey = array_pop($serverConnections); |
| 136 | - $lastNumber = (int)str_replace('s', '', $lastKey); |
|
| 137 | - return 's' . str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
| 136 | + $lastNumber = (int) str_replace('s', '', $lastKey); |
|
| 137 | + return 's'.str_pad($lastNumber + 1, 2, '0', STR_PAD_LEFT); |
|
| 138 | 138 | } |
| 139 | 139 | |
| 140 | 140 | private function getServersConfig($value) { |
| 141 | - $regex = '/' . $value . '$/S'; |
|
| 141 | + $regex = '/'.$value.'$/S'; |
|
| 142 | 142 | |
| 143 | 143 | $keys = $this->config->getAppKeys('user_ldap'); |
| 144 | 144 | $result = []; |
@@ -165,7 +165,7 @@ discard block |
||
| 165 | 165 | $query = $this->connection->getQueryBuilder(); |
| 166 | 166 | $query->delete('appconfig') |
| 167 | 167 | ->where($query->expr()->eq('appid', $query->createNamedParameter('user_ldap'))) |
| 168 | - ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string)$prefix . '%'))) |
|
| 168 | + ->andWhere($query->expr()->like('configkey', $query->createNamedParameter((string) $prefix.'%'))) |
|
| 169 | 169 | ->andWhere($query->expr()->notIn('configkey', $query->createNamedParameter([ |
| 170 | 170 | 'enabled', |
| 171 | 171 | 'installed_version', |
@@ -242,7 +242,7 @@ discard block |
||
| 242 | 242 | } |
| 243 | 243 | |
| 244 | 244 | if (!is_string($dn)) { |
| 245 | - throw new \LogicException('String expected ' . \gettype($dn) . ' given'); |
|
| 245 | + throw new \LogicException('String expected '.\gettype($dn).' given'); |
|
| 246 | 246 | } |
| 247 | 247 | |
| 248 | 248 | if (($sanitizedDn = $this->sanitizeDnCache->get($dn)) !== null) { |
@@ -35,61 +35,61 @@ |
||
| 35 | 35 | use Symfony\Component\Console\Output\OutputInterface; |
| 36 | 36 | |
| 37 | 37 | class TestConfig extends Command { |
| 38 | - protected function configure() { |
|
| 39 | - $this |
|
| 40 | - ->setName('ldap:test-config') |
|
| 41 | - ->setDescription('tests an LDAP configuration') |
|
| 42 | - ->addArgument( |
|
| 43 | - 'configID', |
|
| 44 | - InputArgument::REQUIRED, |
|
| 45 | - 'the configuration ID' |
|
| 46 | - ) |
|
| 47 | - ; |
|
| 48 | - } |
|
| 38 | + protected function configure() { |
|
| 39 | + $this |
|
| 40 | + ->setName('ldap:test-config') |
|
| 41 | + ->setDescription('tests an LDAP configuration') |
|
| 42 | + ->addArgument( |
|
| 43 | + 'configID', |
|
| 44 | + InputArgument::REQUIRED, |
|
| 45 | + 'the configuration ID' |
|
| 46 | + ) |
|
| 47 | + ; |
|
| 48 | + } |
|
| 49 | 49 | |
| 50 | - protected function execute(InputInterface $input, OutputInterface $output): int { |
|
| 51 | - $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()); |
|
| 52 | - $availableConfigs = $helper->getServerConfigurationPrefixes(); |
|
| 53 | - $configID = $input->getArgument('configID'); |
|
| 54 | - if (!in_array($configID, $availableConfigs)) { |
|
| 55 | - $output->writeln("Invalid configID"); |
|
| 56 | - return 1; |
|
| 57 | - } |
|
| 50 | + protected function execute(InputInterface $input, OutputInterface $output): int { |
|
| 51 | + $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()); |
|
| 52 | + $availableConfigs = $helper->getServerConfigurationPrefixes(); |
|
| 53 | + $configID = $input->getArgument('configID'); |
|
| 54 | + if (!in_array($configID, $availableConfigs)) { |
|
| 55 | + $output->writeln("Invalid configID"); |
|
| 56 | + return 1; |
|
| 57 | + } |
|
| 58 | 58 | |
| 59 | - $result = $this->testConfig($configID); |
|
| 60 | - if ($result === 0) { |
|
| 61 | - $output->writeln('The configuration is valid and the connection could be established!'); |
|
| 62 | - } elseif ($result === 1) { |
|
| 63 | - $output->writeln('The configuration is invalid. Please have a look at the logs for further details.'); |
|
| 64 | - return 1; |
|
| 65 | - } elseif ($result === 2) { |
|
| 66 | - $output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.'); |
|
| 67 | - } else { |
|
| 68 | - $output->writeln('Your LDAP server was kidnapped by aliens.'); |
|
| 69 | - } |
|
| 70 | - return 0; |
|
| 71 | - } |
|
| 59 | + $result = $this->testConfig($configID); |
|
| 60 | + if ($result === 0) { |
|
| 61 | + $output->writeln('The configuration is valid and the connection could be established!'); |
|
| 62 | + } elseif ($result === 1) { |
|
| 63 | + $output->writeln('The configuration is invalid. Please have a look at the logs for further details.'); |
|
| 64 | + return 1; |
|
| 65 | + } elseif ($result === 2) { |
|
| 66 | + $output->writeln('The configuration is valid, but the Bind failed. Please check the server settings and credentials.'); |
|
| 67 | + } else { |
|
| 68 | + $output->writeln('Your LDAP server was kidnapped by aliens.'); |
|
| 69 | + } |
|
| 70 | + return 0; |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * tests the specified connection |
|
| 75 | - * @param string $configID |
|
| 76 | - * @return int |
|
| 77 | - */ |
|
| 78 | - protected function testConfig($configID) { |
|
| 79 | - $lw = new \OCA\User_LDAP\LDAP(); |
|
| 80 | - $connection = new Connection($lw, $configID); |
|
| 73 | + /** |
|
| 74 | + * tests the specified connection |
|
| 75 | + * @param string $configID |
|
| 76 | + * @return int |
|
| 77 | + */ |
|
| 78 | + protected function testConfig($configID) { |
|
| 79 | + $lw = new \OCA\User_LDAP\LDAP(); |
|
| 80 | + $connection = new Connection($lw, $configID); |
|
| 81 | 81 | |
| 82 | - //ensure validation is run before we attempt the bind |
|
| 83 | - $connection->getConfiguration(); |
|
| 82 | + //ensure validation is run before we attempt the bind |
|
| 83 | + $connection->getConfiguration(); |
|
| 84 | 84 | |
| 85 | - if (!$connection->setConfiguration([ |
|
| 86 | - 'ldap_configuration_active' => 1, |
|
| 87 | - ])) { |
|
| 88 | - return 1; |
|
| 89 | - } |
|
| 90 | - if ($connection->bind()) { |
|
| 91 | - return 0; |
|
| 92 | - } |
|
| 93 | - return 2; |
|
| 94 | - } |
|
| 85 | + if (!$connection->setConfiguration([ |
|
| 86 | + 'ldap_configuration_active' => 1, |
|
| 87 | + ])) { |
|
| 88 | + return 1; |
|
| 89 | + } |
|
| 90 | + if ($connection->bind()) { |
|
| 91 | + return 0; |
|
| 92 | + } |
|
| 93 | + return 2; |
|
| 94 | + } |
|
| 95 | 95 | } |
@@ -41,102 +41,102 @@ |
||
| 41 | 41 | use Symfony\Component\Console\Output\OutputInterface; |
| 42 | 42 | |
| 43 | 43 | class Search extends Command { |
| 44 | - /** @var \OCP\IConfig */ |
|
| 45 | - protected $ocConfig; |
|
| 46 | - /** @var User_Proxy */ |
|
| 47 | - private $userProxy; |
|
| 48 | - /** @var Group_Proxy */ |
|
| 49 | - private $groupProxy; |
|
| 44 | + /** @var \OCP\IConfig */ |
|
| 45 | + protected $ocConfig; |
|
| 46 | + /** @var User_Proxy */ |
|
| 47 | + private $userProxy; |
|
| 48 | + /** @var Group_Proxy */ |
|
| 49 | + private $groupProxy; |
|
| 50 | 50 | |
| 51 | - public function __construct(IConfig $ocConfig, User_Proxy $userProxy, Group_Proxy $groupProxy) { |
|
| 52 | - parent::__construct(); |
|
| 53 | - $this->ocConfig = $ocConfig; |
|
| 54 | - $this->userProxy = $userProxy; |
|
| 55 | - $this->groupProxy = $groupProxy; |
|
| 56 | - } |
|
| 51 | + public function __construct(IConfig $ocConfig, User_Proxy $userProxy, Group_Proxy $groupProxy) { |
|
| 52 | + parent::__construct(); |
|
| 53 | + $this->ocConfig = $ocConfig; |
|
| 54 | + $this->userProxy = $userProxy; |
|
| 55 | + $this->groupProxy = $groupProxy; |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - protected function configure() { |
|
| 59 | - $this |
|
| 60 | - ->setName('ldap:search') |
|
| 61 | - ->setDescription('executes a user or group search') |
|
| 62 | - ->addArgument( |
|
| 63 | - 'search', |
|
| 64 | - InputArgument::REQUIRED, |
|
| 65 | - 'the search string (can be empty)' |
|
| 66 | - ) |
|
| 67 | - ->addOption( |
|
| 68 | - 'group', |
|
| 69 | - null, |
|
| 70 | - InputOption::VALUE_NONE, |
|
| 71 | - 'searches groups instead of users' |
|
| 72 | - ) |
|
| 73 | - ->addOption( |
|
| 74 | - 'offset', |
|
| 75 | - null, |
|
| 76 | - InputOption::VALUE_REQUIRED, |
|
| 77 | - 'The offset of the result set. Needs to be a multiple of limit. defaults to 0.', |
|
| 78 | - 0 |
|
| 79 | - ) |
|
| 80 | - ->addOption( |
|
| 81 | - 'limit', |
|
| 82 | - null, |
|
| 83 | - InputOption::VALUE_REQUIRED, |
|
| 84 | - 'limit the results. 0 means no limit, defaults to 15', |
|
| 85 | - 15 |
|
| 86 | - ) |
|
| 87 | - ; |
|
| 88 | - } |
|
| 58 | + protected function configure() { |
|
| 59 | + $this |
|
| 60 | + ->setName('ldap:search') |
|
| 61 | + ->setDescription('executes a user or group search') |
|
| 62 | + ->addArgument( |
|
| 63 | + 'search', |
|
| 64 | + InputArgument::REQUIRED, |
|
| 65 | + 'the search string (can be empty)' |
|
| 66 | + ) |
|
| 67 | + ->addOption( |
|
| 68 | + 'group', |
|
| 69 | + null, |
|
| 70 | + InputOption::VALUE_NONE, |
|
| 71 | + 'searches groups instead of users' |
|
| 72 | + ) |
|
| 73 | + ->addOption( |
|
| 74 | + 'offset', |
|
| 75 | + null, |
|
| 76 | + InputOption::VALUE_REQUIRED, |
|
| 77 | + 'The offset of the result set. Needs to be a multiple of limit. defaults to 0.', |
|
| 78 | + 0 |
|
| 79 | + ) |
|
| 80 | + ->addOption( |
|
| 81 | + 'limit', |
|
| 82 | + null, |
|
| 83 | + InputOption::VALUE_REQUIRED, |
|
| 84 | + 'limit the results. 0 means no limit, defaults to 15', |
|
| 85 | + 15 |
|
| 86 | + ) |
|
| 87 | + ; |
|
| 88 | + } |
|
| 89 | 89 | |
| 90 | - /** |
|
| 91 | - * Tests whether the offset and limit options are valid |
|
| 92 | - * @param int $offset |
|
| 93 | - * @param int $limit |
|
| 94 | - * @throws \InvalidArgumentException |
|
| 95 | - */ |
|
| 96 | - protected function validateOffsetAndLimit($offset, $limit) { |
|
| 97 | - if ($limit < 0) { |
|
| 98 | - throw new \InvalidArgumentException('limit must be 0 or greater'); |
|
| 99 | - } |
|
| 100 | - if ($offset < 0) { |
|
| 101 | - throw new \InvalidArgumentException('offset must be 0 or greater'); |
|
| 102 | - } |
|
| 103 | - if ($limit === 0 && $offset !== 0) { |
|
| 104 | - throw new \InvalidArgumentException('offset must be 0 if limit is also set to 0'); |
|
| 105 | - } |
|
| 106 | - if ($offset > 0 && ($offset % $limit !== 0)) { |
|
| 107 | - throw new \InvalidArgumentException('offset must be a multiple of limit'); |
|
| 108 | - } |
|
| 109 | - } |
|
| 90 | + /** |
|
| 91 | + * Tests whether the offset and limit options are valid |
|
| 92 | + * @param int $offset |
|
| 93 | + * @param int $limit |
|
| 94 | + * @throws \InvalidArgumentException |
|
| 95 | + */ |
|
| 96 | + protected function validateOffsetAndLimit($offset, $limit) { |
|
| 97 | + if ($limit < 0) { |
|
| 98 | + throw new \InvalidArgumentException('limit must be 0 or greater'); |
|
| 99 | + } |
|
| 100 | + if ($offset < 0) { |
|
| 101 | + throw new \InvalidArgumentException('offset must be 0 or greater'); |
|
| 102 | + } |
|
| 103 | + if ($limit === 0 && $offset !== 0) { |
|
| 104 | + throw new \InvalidArgumentException('offset must be 0 if limit is also set to 0'); |
|
| 105 | + } |
|
| 106 | + if ($offset > 0 && ($offset % $limit !== 0)) { |
|
| 107 | + throw new \InvalidArgumentException('offset must be a multiple of limit'); |
|
| 108 | + } |
|
| 109 | + } |
|
| 110 | 110 | |
| 111 | - protected function execute(InputInterface $input, OutputInterface $output): int { |
|
| 112 | - $helper = new Helper($this->ocConfig, \OC::$server->getDatabaseConnection()); |
|
| 113 | - $configPrefixes = $helper->getServerConfigurationPrefixes(true); |
|
| 114 | - $ldapWrapper = new LDAP(); |
|
| 111 | + protected function execute(InputInterface $input, OutputInterface $output): int { |
|
| 112 | + $helper = new Helper($this->ocConfig, \OC::$server->getDatabaseConnection()); |
|
| 113 | + $configPrefixes = $helper->getServerConfigurationPrefixes(true); |
|
| 114 | + $ldapWrapper = new LDAP(); |
|
| 115 | 115 | |
| 116 | - $offset = (int)$input->getOption('offset'); |
|
| 117 | - $limit = (int)$input->getOption('limit'); |
|
| 118 | - $this->validateOffsetAndLimit($offset, $limit); |
|
| 116 | + $offset = (int)$input->getOption('offset'); |
|
| 117 | + $limit = (int)$input->getOption('limit'); |
|
| 118 | + $this->validateOffsetAndLimit($offset, $limit); |
|
| 119 | 119 | |
| 120 | - if ($input->getOption('group')) { |
|
| 121 | - $proxy = $this->groupProxy; |
|
| 122 | - $getMethod = 'getGroups'; |
|
| 123 | - $printID = false; |
|
| 124 | - // convert the limit of groups to null. This will show all the groups available instead of |
|
| 125 | - // nothing, and will match the same behaviour the search for users has. |
|
| 126 | - if ($limit === 0) { |
|
| 127 | - $limit = null; |
|
| 128 | - } |
|
| 129 | - } else { |
|
| 130 | - $proxy = $this->userProxy; |
|
| 131 | - $getMethod = 'getDisplayNames'; |
|
| 132 | - $printID = true; |
|
| 133 | - } |
|
| 120 | + if ($input->getOption('group')) { |
|
| 121 | + $proxy = $this->groupProxy; |
|
| 122 | + $getMethod = 'getGroups'; |
|
| 123 | + $printID = false; |
|
| 124 | + // convert the limit of groups to null. This will show all the groups available instead of |
|
| 125 | + // nothing, and will match the same behaviour the search for users has. |
|
| 126 | + if ($limit === 0) { |
|
| 127 | + $limit = null; |
|
| 128 | + } |
|
| 129 | + } else { |
|
| 130 | + $proxy = $this->userProxy; |
|
| 131 | + $getMethod = 'getDisplayNames'; |
|
| 132 | + $printID = true; |
|
| 133 | + } |
|
| 134 | 134 | |
| 135 | - $result = $proxy->$getMethod($input->getArgument('search'), $limit, $offset); |
|
| 136 | - foreach ($result as $id => $name) { |
|
| 137 | - $line = $name . ($printID ? ' ('.$id.')' : ''); |
|
| 138 | - $output->writeln($line); |
|
| 139 | - } |
|
| 140 | - return 0; |
|
| 141 | - } |
|
| 135 | + $result = $proxy->$getMethod($input->getArgument('search'), $limit, $offset); |
|
| 136 | + foreach ($result as $id => $name) { |
|
| 137 | + $line = $name . ($printID ? ' ('.$id.')' : ''); |
|
| 138 | + $output->writeln($line); |
|
| 139 | + } |
|
| 140 | + return 0; |
|
| 141 | + } |
|
| 142 | 142 | } |
@@ -37,57 +37,57 @@ |
||
| 37 | 37 | use Symfony\Component\Console\Output\OutputInterface; |
| 38 | 38 | |
| 39 | 39 | class SetConfig extends Command { |
| 40 | - protected function configure() { |
|
| 41 | - $this |
|
| 42 | - ->setName('ldap:set-config') |
|
| 43 | - ->setDescription('modifies an LDAP configuration') |
|
| 44 | - ->addArgument( |
|
| 45 | - 'configID', |
|
| 46 | - InputArgument::REQUIRED, |
|
| 47 | - 'the configuration ID' |
|
| 48 | - ) |
|
| 49 | - ->addArgument( |
|
| 50 | - 'configKey', |
|
| 51 | - InputArgument::REQUIRED, |
|
| 52 | - 'the configuration key' |
|
| 53 | - ) |
|
| 54 | - ->addArgument( |
|
| 55 | - 'configValue', |
|
| 56 | - InputArgument::REQUIRED, |
|
| 57 | - 'the new configuration value' |
|
| 58 | - ) |
|
| 59 | - ; |
|
| 60 | - } |
|
| 40 | + protected function configure() { |
|
| 41 | + $this |
|
| 42 | + ->setName('ldap:set-config') |
|
| 43 | + ->setDescription('modifies an LDAP configuration') |
|
| 44 | + ->addArgument( |
|
| 45 | + 'configID', |
|
| 46 | + InputArgument::REQUIRED, |
|
| 47 | + 'the configuration ID' |
|
| 48 | + ) |
|
| 49 | + ->addArgument( |
|
| 50 | + 'configKey', |
|
| 51 | + InputArgument::REQUIRED, |
|
| 52 | + 'the configuration key' |
|
| 53 | + ) |
|
| 54 | + ->addArgument( |
|
| 55 | + 'configValue', |
|
| 56 | + InputArgument::REQUIRED, |
|
| 57 | + 'the new configuration value' |
|
| 58 | + ) |
|
| 59 | + ; |
|
| 60 | + } |
|
| 61 | 61 | |
| 62 | - protected function execute(InputInterface $input, OutputInterface $output): int { |
|
| 63 | - $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()); |
|
| 64 | - $availableConfigs = $helper->getServerConfigurationPrefixes(); |
|
| 65 | - $configID = $input->getArgument('configID'); |
|
| 66 | - if (!in_array($configID, $availableConfigs)) { |
|
| 67 | - $output->writeln("Invalid configID"); |
|
| 68 | - return 1; |
|
| 69 | - } |
|
| 62 | + protected function execute(InputInterface $input, OutputInterface $output): int { |
|
| 63 | + $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()); |
|
| 64 | + $availableConfigs = $helper->getServerConfigurationPrefixes(); |
|
| 65 | + $configID = $input->getArgument('configID'); |
|
| 66 | + if (!in_array($configID, $availableConfigs)) { |
|
| 67 | + $output->writeln("Invalid configID"); |
|
| 68 | + return 1; |
|
| 69 | + } |
|
| 70 | 70 | |
| 71 | - $this->setValue( |
|
| 72 | - $configID, |
|
| 73 | - $input->getArgument('configKey'), |
|
| 74 | - $input->getArgument('configValue') |
|
| 75 | - ); |
|
| 76 | - return 0; |
|
| 77 | - } |
|
| 71 | + $this->setValue( |
|
| 72 | + $configID, |
|
| 73 | + $input->getArgument('configKey'), |
|
| 74 | + $input->getArgument('configValue') |
|
| 75 | + ); |
|
| 76 | + return 0; |
|
| 77 | + } |
|
| 78 | 78 | |
| 79 | - /** |
|
| 80 | - * save the configuration value as provided |
|
| 81 | - * @param string $configID |
|
| 82 | - * @param string $configKey |
|
| 83 | - * @param string $configValue |
|
| 84 | - */ |
|
| 85 | - protected function setValue($configID, $key, $value) { |
|
| 86 | - $configHolder = new Configuration($configID); |
|
| 87 | - $configHolder->$key = $value; |
|
| 88 | - $configHolder->saveConfiguration(); |
|
| 79 | + /** |
|
| 80 | + * save the configuration value as provided |
|
| 81 | + * @param string $configID |
|
| 82 | + * @param string $configKey |
|
| 83 | + * @param string $configValue |
|
| 84 | + */ |
|
| 85 | + protected function setValue($configID, $key, $value) { |
|
| 86 | + $configHolder = new Configuration($configID); |
|
| 87 | + $configHolder->$key = $value; |
|
| 88 | + $configHolder->saveConfiguration(); |
|
| 89 | 89 | |
| 90 | - $connectionFactory = new ConnectionFactory(new LDAP()); |
|
| 91 | - $connectionFactory->get($configID)->clearCache(); |
|
| 92 | - } |
|
| 90 | + $connectionFactory = new ConnectionFactory(new LDAP()); |
|
| 91 | + $connectionFactory->get($configID)->clearCache(); |
|
| 92 | + } |
|
| 93 | 93 | } |
