Merge pull request #8538 from owncloud/make-my-ide-less-complain-about-ldap

Use proper PHPDoc and variable names in the LDAP lib
Lukas Reschke 2014-05-12 19:31:43 +02:00
commit aea44ee0d5
15 changed files with 691 additions and 386 deletions


@ -23,6 +23,10 @@
namespace OCA\user_ldap\lib;
/**
* Class Access
* @package OCA\user_ldap\lib
*/
class Access extends LDAPUtility {
public $connection;
//never ever check this var directly, always use getPagedSearchResultState
@ -30,24 +34,30 @@ class Access extends LDAPUtility {
protected $cookies = array();
/**
* @param Connection $connection
* @param ILDAPWrapper $ldap
*/
public function __construct(Connection $connection, ILDAPWrapper $ldap) {
parent::__construct($ldap);
$this->connection = $connection;
}
/**
* @return bool
*/
private function checkConnection() {
return ($this->connection instanceof Connection);
}
/**
* @brief reads a given attribute for an LDAP record identified by a DN
* @param $dn the record in question
* @param $attr the attribute that shall be retrieved
* @param string $dn the record in question
* @param string $attr the attribute that shall be retrieved
* if empty, just check the record's existence
* @returns an array of values on success or an empty
* @param string $filter
* @return array|false an array of values on success or an empty
* array if $attr is empty, false otherwise
*
* Reads an attribute from an LDAP entry or check if entry exists
*/
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
if(!$this->checkConnection()) {
@ -105,7 +115,7 @@ class Access extends LDAPUtility {
}
/**
* @brief checks wether the given attribute`s valua is probably a DN
* @brief checks whether the given attributes value is probably a DN
* @param string $attr the attribute in question
* @return boolean if so true, otherwise false
*/
@ -120,8 +130,8 @@ class Access extends LDAPUtility {
/**
* @brief sanitizes a DN received from the LDAP server
* @param $dn the DN in question
* @return the sanitized DN
* @param array $dn the DN in question
* @return array the sanitized DN
*/
private function sanitizeDN($dn) {
//treating multiple base DNs
@ -163,7 +173,8 @@ class Access extends LDAPUtility {
/**
* gives back the database table for the query
* @param boolean $isUser
* @param bool $isUser
* @return string
*/
private function getMapTable($isUser) {
if($isUser) {
@ -176,9 +187,7 @@ class Access extends LDAPUtility {
/**
* @brief returns the LDAP DN for the given internal ownCloud name of the group
* @param string $name the ownCloud name in question
* @returns string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the group
* @return string with the LDAP DN on success, otherwise false
*/
public function groupname2dn($name) {
$dn = $this->ocname2dn($name, false);
@ -192,10 +201,8 @@ class Access extends LDAPUtility {
/**
* @brief returns the LDAP DN for the given internal ownCloud name of the user
* @param $name the ownCloud name in question
* @returns string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name of the user
* @param string $name the ownCloud name in question
* @return string with the LDAP DN on success, otherwise false
*/
public function username2dn($name) {
$dn = $this->ocname2dn($name, true);
@ -210,11 +217,9 @@ class Access extends LDAPUtility {
/**
* @brief returns the LDAP DN for the given internal ownCloud name
* @param $name the ownCloud name in question
* @param string $name the ownCloud name in question
* @param boolean $isUser is it a user? otherwise group
* @returns string with the LDAP DN on success, otherwise false
*
* returns the LDAP DN for the given internal ownCloud name
* @return string with the LDAP DN on success, otherwise false
*/
private function ocname2dn($name, $isUser) {
$table = $this->getMapTable($isUser);
@ -230,15 +235,12 @@ class Access extends LDAPUtility {
}
/**
* @brief returns the internal ownCloud name for the given LDAP DN of the group
* @param $dn the dn of the group object
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the
* group, false on DN outside of search DN or failure
* @brief returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
* @param string $dn the dn of the group object
* @param string $ldapName optional, the display name of the object
* @return string with the name to use in ownCloud, false on DN outside of search DN
*/
public function dn2groupname($dn, $ldapname = null) {
public function dn2groupname($dn, $ldapName = null) {
//To avoid bypassing the base DN settings under certain circumstances
//with the group support, check whether the provided DN matches one of
//the given Bases
@ -246,18 +248,16 @@ class Access extends LDAPUtility {
return false;
}
return $this->dn2ocname($dn, $ldapname, false);
return $this->dn2ocname($dn, $ldapName, false);
}
/**
* @brief returns the internal ownCloud name for the given LDAP DN of the user
* @param $dn the dn of the user object
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
* @brief returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
* @param string $dn the dn of the user object
* @param string $ldapName optional, the display name of the object
* @return string with with the name to use in ownCloud
*/
public function dn2username($dn, $ldapname = null) {
public function dn2username($dn, $ldapName = null) {
//To avoid bypassing the base DN settings under certain circumstances
//with the group support, check whether the provided DN matches one of
//the given Bases
@ -265,19 +265,17 @@ class Access extends LDAPUtility {
return false;
}
return $this->dn2ocname($dn, $ldapname, true);
return $this->dn2ocname($dn, $ldapName, true);
}
/**
* @brief returns an internal ownCloud name for the given LDAP DN
* @param $dn the dn of the user object
* @param $ldapname optional, the display name of the object
* @param $isUser optional, wether it is a user object (otherwise group assumed)
* @returns string with with the name to use in ownCloud
*
* returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN
* @brief returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
* @param string $dn the dn of the user object
* @param string $ldapName optional, the display name of the object
* @param bool $isUser optional, whether it is a user object (otherwise group assumed)
* @return string with with the name to use in ownCloud
*/
public function dn2ocname($dn, $ldapname = null, $isUser = true) {
public function dn2ocname($dn, $ldapName = null, $isUser = true) {
$table = $this->getMapTable($isUser);
if($isUser) {
$fncFindMappedName = 'findMappedUser';
@ -288,9 +286,9 @@ class Access extends LDAPUtility {
}
//let's try to retrieve the ownCloud name from the mappings table
$ocname = $this->$fncFindMappedName($dn);
if($ocname) {
return $ocname;
$ocName = $this->$fncFindMappedName($dn);
if($ocName) {
return $ocName;
}
//second try: get the UUID and check if it is known. Then, update the DN and return the name.
@ -317,13 +315,13 @@ class Access extends LDAPUtility {
return false;
}
if(is_null($ldapname)) {
$ldapname = $this->readAttribute($dn, $nameAttribute);
if(!isset($ldapname[0]) && empty($ldapname[0])) {
if(is_null($ldapName)) {
$ldapName = $this->readAttribute($dn, $nameAttribute);
if(!isset($ldapName[0]) && empty($ldapName[0])) {
\OCP\Util::writeLog('user_ldap', 'No or empty name for '.$dn.'.', \OCP\Util::INFO);
return false;
}
$ldapname = $ldapname[0];
$ldapName = $ldapName[0];
}
if($isUser) {
@ -334,27 +332,27 @@ class Access extends LDAPUtility {
} else {
$username = $uuid;
}
$intname = $this->sanitizeUsername($username);
$intName = $this->sanitizeUsername($username);
} else {
$intname = $ldapname;
$intName = $ldapName;
}
//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
//disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check
$originalTTL = $this->connection->ldapCacheTTL;
$this->connection->setConfiguration(array('ldapCacheTTL' => 0));
if(($isUser && !\OCP\User::userExists($intname))
|| (!$isUser && !\OC_Group::groupExists($intname))) {
if($this->mapComponent($dn, $intname, $isUser)) {
if(($isUser && !\OCP\User::userExists($intName))
|| (!$isUser && !\OC_Group::groupExists($intName))) {
if($this->mapComponent($dn, $intName, $isUser)) {
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
return $intname;
return $intName;
}
}
$this->connection->setConfiguration(array('ldapCacheTTL' => $originalTTL));
$altname = $this->createAltInternalOwnCloudName($intname, $isUser);
if($this->mapComponent($dn, $altname, $isUser)) {
return $altname;
$altName = $this->createAltInternalOwnCloudName($intName, $isUser);
if($this->mapComponent($dn, $altName, $isUser)) {
return $altName;
}
//if everything else did not help..
@ -364,8 +362,8 @@ class Access extends LDAPUtility {
/**
* @brief gives back the user names as they are used ownClod internally
* @param $ldapGroups an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
* @returns an array with the user names to use in ownCloud
* @param array $ldapUsers an array with the ldap Users result in style of array ( array ('dn' => foo, 'uid' => bar), ... )
* @return array an array with the user names to use in ownCloud
*
* gives back the user names as they are used ownClod internally
*/
@ -375,8 +373,8 @@ class Access extends LDAPUtility {
/**
* @brief gives back the group names as they are used ownClod internally
* @param $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
* @returns an array with the group names to use in ownCloud
* @param array $ldapGroups an array with the ldap Groups result in style of array ( array ('dn' => foo, 'cn' => bar), ... )
* @return array an array with the group names to use in ownCloud
*
* gives back the group names as they are used ownClod internally
*/
@ -384,6 +382,10 @@ class Access extends LDAPUtility {
return $this->ldap2ownCloudNames($ldapGroups, false);
}
/**
* @param $dn
* @return bool|string
*/
private function findMappedUser($dn) {
static $query = null;
if(is_null($query)) {
@ -400,6 +402,10 @@ class Access extends LDAPUtility {
return false;
}
/**
* @param $dn
* @return bool|string
*/
private function findMappedGroup($dn) {
static $query = null;
if(is_null($query)) {
@ -416,9 +422,10 @@ class Access extends LDAPUtility {
return false;
}
/**
* @param boolean $isUsers
* @param array $ldapObjects
* @param bool $isUsers
* @return array
*/
private function ldap2ownCloudNames($ldapObjects, $isUsers) {
if($isUsers) {
@ -430,13 +437,13 @@ class Access extends LDAPUtility {
foreach($ldapObjects as $ldapObject) {
$nameByLDAP = isset($ldapObject[$nameAttribute]) ? $ldapObject[$nameAttribute] : null;
$ocname = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
if($ocname) {
$ownCloudNames[] = $ocname;
$ocName = $this->dn2ocname($ldapObject['dn'], $nameByLDAP, $isUsers);
if($ocName) {
$ownCloudNames[] = $ocName;
if($isUsers) {
//cache the user names so it does not need to be retrieved
//again later (e.g. sharing dialogue).
$this->cacheUserDisplayName($ocname, $nameByLDAP);
$this->cacheUserDisplayName($ocName, $nameByLDAP);
}
}
continue;
@ -446,18 +453,18 @@ class Access extends LDAPUtility {
/**
* @brief caches the user display name
* @param string the internal owncloud username
* @param string the display name
* @param string $ocName the internal ownCloud username
* @param string $displayName the display name
*/
public function cacheUserDisplayName($ocname, $displayName) {
public function cacheUserDisplayName($ocName, $displayName) {
$cacheKeyTrunk = 'getDisplayName';
$this->connection->writeToCache($cacheKeyTrunk.$ocname, $displayName);
$this->connection->writeToCache($cacheKeyTrunk.$ocName, $displayName);
}
/**
* @brief creates a unique name for internal ownCloud use for users. Don't call it directly.
* @param $name the display name of the object
* @returns string with with the name to use in ownCloud or false if unsuccessful
* @param string $name the display name of the object
* @return string with with the name to use in ownCloud or false if unsuccessful
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, true)
@ -478,8 +485,8 @@ class Access extends LDAPUtility {
/**
* @brief creates a unique name for internal ownCloud use for groups. Don't call it directly.
* @param $name the display name of the object
* @returns string with with the name to use in ownCloud or false if unsuccessful.
* @param string $name the display name of the object
* @return string with with the name to use in ownCloud or false if unsuccessful.
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, false)
@ -504,17 +511,17 @@ class Access extends LDAPUtility {
$lastNo = 1; //will become name_2
} else {
natsort($usedNames);
$lastname = array_pop($usedNames);
$lastNo = intval(substr($lastname, strrpos($lastname, '_') + 1));
$lastName = array_pop($usedNames);
$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
}
$altName = $name.'_'.strval($lastNo+1);
unset($usedNames);
$attempts = 1;
while($attempts < 21){
//Pro forma check to be really sure it is unique
//while loop is just a precaution. If a name is not generated within
//20 attempts, something else is very wrong. Avoids infinite loop.
// Check to be really sure it is unique
// while loop is just a precaution. If a name is not generated within
// 20 attempts, something else is very wrong. Avoids infinite loop.
if(!\OC_Group::groupExists($altName)) {
return $altName;
}
@ -526,9 +533,9 @@ class Access extends LDAPUtility {
/**
* @brief creates a unique name for internal ownCloud use.
* @param $name the display name of the object
* @param string $name the display name of the object
* @param boolean $isUser whether name should be created for a user (true) or a group (false)
* @returns string with with the name to use in ownCloud or false if unsuccessful
* @return string with with the name to use in ownCloud or false if unsuccessful
*/
private function createAltInternalOwnCloudName($name, $isUser) {
$originalTTL = $this->connection->ldapCacheTTL;
@ -545,7 +552,7 @@ class Access extends LDAPUtility {
/**
* @brief retrieves all known groups from the mappings table
* @returns array with the results
* @return array with the results
*
* retrieves all known groups from the mappings table
*/
@ -555,7 +562,7 @@ class Access extends LDAPUtility {
/**
* @brief retrieves all known users from the mappings table
* @returns array with the results
* @return array with the results
*
* retrieves all known users from the mappings table
*/
@ -579,19 +586,19 @@ class Access extends LDAPUtility {
/**
* @brief inserts a new user or group into the mappings table
* @param $dn the record in question
* @param $ocname the name to use in ownCloud
* @param $isUser is it a user or a group?
* @returns true on success, false otherwise
* @param string $dn the record in question
* @param string $ocName the name to use in ownCloud
* @param bool $isUser is it a user or a group?
* @return bool true on success, false otherwise
*
* inserts a new user or group into the mappings table
*/
private function mapComponent($dn, $ocname, $isUser = true) {
private function mapComponent($dn, $ocName, $isUser = true) {
$table = $this->getMapTable($isUser);
$sqlAdjustment = '';
$dbtype = \OCP\Config::getSystemValue('dbtype');
if($dbtype === 'mysql') {
$dbType = \OCP\Config::getSystemValue('dbtype');
if($dbType === 'mysql') {
$sqlAdjustment = 'FROM DUAL';
}
@ -607,9 +614,9 @@ class Access extends LDAPUtility {
');
//feed the DB
$insRows = $insert->execute(array($dn, $ocname,
$insRows = $insert->execute(array($dn, $ocName,
$this->getUUID($dn, $isUser), $dn,
$ocname));
$ocName));
if(\OCP\DB::isError($insRows)) {
return false;
@ -623,24 +630,31 @@ class Access extends LDAPUtility {
}
/**
* @param integer $limit
* @param integer $offset
* @param $filter
* @param $attr
* @param int $limit
* @param int $offset
* @return array
*/
public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) {
return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1));
}
/**
* @param string $filter
* @param integer $limit
* @param integer $offset
* @param $filter
* @param $attr
* @param int $limit
* @param int $offset
* @return array
*/
public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) {
return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1));
}
/**
* @param boolean $manyAttributes
* @param $list
* @param bool $manyAttributes
* @return array
*/
private function fetchList($list, $manyAttributes) {
if(is_array($list)) {
@ -657,11 +671,11 @@ class Access extends LDAPUtility {
/**
* @brief executes an LDAP search, optimized for Users
* @param $filter the LDAP filter for the search
* @param $attr optional, when a certain attribute shall be filtered out
* @param string $filter the LDAP filter for the search
* @param string $attr optional, when a certain attribute shall be filtered out
* @param integer $limit
* @param integer $offset
* @returns array with the search result
* @return array with the search result
*
* Executes an LDAP search
*/
@ -671,6 +685,10 @@ class Access extends LDAPUtility {
/**
* @param string $filter
* @param array $attr
* @param int $limit
* @param int $offset
* @return false|int
*/
public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) {
return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);
@ -679,10 +697,10 @@ class Access extends LDAPUtility {
/**
* @brief executes an LDAP search, optimized for Groups
* @param string $filter the LDAP filter for the search
* @param $attr optional, when a certain attribute shall be filtered out
* @param string $attr optional, when a certain attribute shall be filtered out
* @param integer $limit
* @param integer $offset
* @returns array with the search result
* @return array with the search result
*
* Executes an LDAP search
*/
@ -692,13 +710,13 @@ class Access extends LDAPUtility {
/**
* @brief prepares and executes an LDAP search operation
* @param $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be
* @param string $filter the LDAP filter for the search
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array.
* @param $limit optional, maximum results to be counted
* @param $offset optional, a starting point
* @returns array with the search result as first value and pagedSearchOK as
* @param int $limit optional, maximum results to be counted
* @param int $offset optional, a starting point
* @return array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful
*/
private function executeSearch($filter, $base, &$attr = null, $limit = null, $offset = null) {
@ -715,7 +733,7 @@ class Access extends LDAPUtility {
return false;
}
//check wether paged search should be attempted
//check whether paged search should be attempted
$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset);
$linkResources = array_pad(array(), count($base), $cr);
@ -738,16 +756,16 @@ class Access extends LDAPUtility {
/**
* @brief processes an LDAP paged search operation
* @param $sr the array containing the LDAP search resources
* @param $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $iFoundItems number of results in the search operation
* @param $limit maximum results to be counted
* @param $offset a starting point
* @param $pagedSearchOK whether a paged search has been executed
* @param boolean $skipHandling required for paged search when cookies to
* @param array $sr the array containing the LDAP search resources
* @param string $filter the LDAP filter for the search
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param int $iFoundItems number of results in the search operation
* @param int $limit maximum results to be counted
* @param int $offset a starting point
* @param bool $pagedSearchOK whether a paged search has been executed
* @param bool $skipHandling required for paged search when cookies to
* prior results need to be gained
* @returns array with the search result as first value and pagedSearchOK as
* @return array|false array with the search result as first value and pagedSearchOK as
* second | false if not successful
*/
private function processPagedSearchStatus($sr, $filter, $base, $iFoundItems, $limit, $offset, $pagedSearchOK, $skipHandling) {
@ -780,14 +798,14 @@ class Access extends LDAPUtility {
/**
* @brief executes an LDAP search, but counts the results only
* @param string $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array.
* @param $limit optional, maximum results to be counted
* @param $offset optional, a starting point
* @param $skipHandling indicates whether the pages search operation is
* @param int $limit optional, maximum results to be counted
* @param int $offset optional, a starting point
* @param bool $skipHandling indicates whether the pages search operation is
* completed
* @returns int | false if the search could not be initialized
* @return int|false Integer or false if the search could not be initialized
*
*/
private function count($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
@ -799,7 +817,7 @@ class Access extends LDAPUtility {
$counter = 0;
$count = null;
$cr = $this->connection->getConnectionResource();
$this->connection->getConnectionResource();
do {
$continue = false;
@ -821,10 +839,15 @@ class Access extends LDAPUtility {
return $counter;
}
private function countEntriesInSearchResults($searchResults, $limit,
&$hasHitLimit) {
/**
* @param $searchResults
* @param $limit
* @param $hasHitLimit
* @return int
*/
private function countEntriesInSearchResults($searchResults, $limit, &$hasHitLimit) {
$cr = $this->connection->getConnectionResource();
$count = 0;
$counter = 0;
foreach($searchResults as $res) {
$count = intval($this->ldap->countEntries($cr, $res));
@ -838,14 +861,14 @@ class Access extends LDAPUtility {
}
/**
* @brief executes an LDAP search
* @param $filter the LDAP filter for the search
* @param $base an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, array, one or more attributes that shall be
* retrieved. Results will according to the order in the array.
* @returns array with the search result
*
* Executes an LDAP search
* @brief Executes an LDAP search
* @param string $filter the LDAP filter for the search
* @param array $base an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, array, one or more attributes that shall be
* @param int $limit
* @param int $offset
* @param bool $skipHandling
* @return array with the search result
*/
private function search($filter, $base, $attr = null, $limit = null, $offset = null, $skipHandling = false) {
$search = $this->executeSearch($filter, $base, $attr, $limit, $offset);
@ -873,7 +896,7 @@ class Access extends LDAPUtility {
}
$findings = array();
foreach($sr as $key => $res) {
foreach($sr as $res) {
$findings = array_merge($findings, $this->ldap->getEntries($cr , $res ));
}
@ -889,9 +912,9 @@ class Access extends LDAPUtility {
if(!is_null($attr)) {
$selection = array();
$multiarray = false;
$multiArray = false;
if(count($attr) > 1) {
$multiarray = true;
$multiArray = true;
$i = 0;
}
foreach($findings as $item) {
@ -900,7 +923,7 @@ class Access extends LDAPUtility {
}
$item = \OCP\Util::mb_array_change_key_case($item, MB_CASE_LOWER, 'UTF-8');
if($multiarray) {
if($multiArray) {
foreach($attr as $key) {
$key = mb_strtolower($key, 'UTF-8');
if(isset($item[$key])) {
@ -931,7 +954,7 @@ class Access extends LDAPUtility {
$findings = $selection;
}
//we slice the findings, when
//a) paged search insuccessful, though attempted
//a) paged search unsuccessful, though attempted
//b) no paged search, but limit set
if((!$this->getPagedSearchResultState()
&& $pagedSearchOK)
@ -945,19 +968,23 @@ class Access extends LDAPUtility {
return $findings;
}
/**
* @param $name
* @return bool|mixed|string
*/
public function sanitizeUsername($name) {
if($this->connection->ldapIgnoreNamingRules) {
return $name;
}
// Translitaration
//latin characters to ASCII
// Transliteration
// latin characters to ASCII
$name = iconv('UTF-8', 'ASCII//TRANSLIT', $name);
//REPLACEMENTS
// Replacements
$name = \OCP\Util::mb_str_replace(' ', '_', $name, 'UTF-8');
//every remaining unallowed characters will be removed
// Every remaining disallowed characters will be removed
$name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
return $name;
@ -966,7 +993,7 @@ class Access extends LDAPUtility {
/**
* @brief escapes (user provided) parts for LDAP filter
* @param string $input, the provided value
* @return the escaped string
* @return string the escaped string
*/
public function escapeFilterPart($input) {
$search = array('*', '\\', '(', ')');
@ -977,9 +1004,7 @@ class Access extends LDAPUtility {
/**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
* @returns the combined filter
*
* Combines Filter arguments with AND
* @return string the combined filter
*/
public function combineFilterWithAnd($filters) {
return $this->combineFilter($filters, '&');
@ -988,9 +1013,7 @@ class Access extends LDAPUtility {
/**
* @brief combines the input filters with AND
* @param $filters array, the filters to connect
* @returns the combined filter
*
* Combines Filter arguments with AND
* @return string the combined filter
*/
public function combineFilterWithOr($filters) {
return $this->combineFilter($filters, '|');
@ -1000,9 +1023,7 @@ class Access extends LDAPUtility {
* @brief combines the input filters with given operator
* @param $filters array, the filters to connect
* @param string $operator either & or |
* @returns the combined filter
*
* Combines Filter arguments with AND
* @return string the combined filter
*/
private function combineFilter($filters, $operator) {
$combinedFilter = '('.$operator;
@ -1017,7 +1038,7 @@ class Access extends LDAPUtility {
}
/**
* @brief creates a filter part for to perfrom search for users
* @brief creates a filter part for to perform search for users
* @param string $search the search term
* @return string the final filter part to use in LDAP searches
*/
@ -1028,7 +1049,7 @@ class Access extends LDAPUtility {
}
/**
* @brief creates a filter part for to perfrom search for groups
* @brief creates a filter part for to perform search for groups
* @param string $search the search term
* @return string the final filter part to use in LDAP searches
*/
@ -1041,9 +1062,10 @@ class Access extends LDAPUtility {
/**
* @brief creates a filter part for searches
* @param string $search the search term
* @param $searchAttributes
* @param string $fallbackAttribute a fallback attribute in case the user
* did not define search attributes. Typically the display name attribute.
* @returns string the final filter part to use in LDAP searches
* @return string the final filter part to use in LDAP searches
*/
private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
$filter = array();
@ -1065,7 +1087,9 @@ class Access extends LDAPUtility {
}
/**
* @param string $name
* @param string $password
* @return bool
*/
public function areCredentialsValid($name, $password) {
$name = $this->DNasBaseParameter($name);
@ -1084,9 +1108,10 @@ class Access extends LDAPUtility {
/**
* @brief auto-detects the directory's UUID attribute
* @param $dn a known DN used to check against
* @param $force the detection should be run, even if it is not set to auto
* @returns true on success, false otherwise
* @param string $dn a known DN used to check against
* @param bool $isUser
* @param bool $force the detection should be run, even if it is not set to auto
* @return bool true on success, false otherwise
*/
private function detectUuidAttribute($dn, $isUser = true, $force = false) {
if($isUser) {
@ -1106,7 +1131,7 @@ class Access extends LDAPUtility {
return true;
}
//for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
// for now, supported attributes are entryUUID, nsuniqueid, objectGUID, ipaUniqueID
$testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid', 'ipauniqueid');
foreach($testAttributes as $attribute) {
@ -1126,6 +1151,11 @@ class Access extends LDAPUtility {
return false;
}
/**
* @param $dn
* @param bool $isUser
* @return array|bool|false
*/
public function getUUID($dn, $isUser = true) {
if($isUser) {
$uuidAttr = 'ldapUuidUserAttribute';
@ -1154,11 +1184,9 @@ class Access extends LDAPUtility {
/**
* @brief converts a binary ObjectGUID into a string representation
* @param $oguid the ObjectGUID in it's binary form as retrieved from AD
* @returns String
*
* converts a binary ObjectGUID into a string representation
* http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
* @param string $oguid the ObjectGUID in it's binary form as retrieved from AD
* @return string
* @link http://www.php.net/manual/en/function.ldap-get-values-len.php#73198
*/
private function convertObjectGUID2Str($oguid) {
$hex_guid = bin2hex($oguid);
@ -1181,12 +1209,9 @@ class Access extends LDAPUtility {
}
/**
* @brief converts a stored DN so it can be used as base parameter for LDAP queries
* @param $dn the DN
* @returns String
*
* converts a stored DN so it can be used as base parameter for LDAP queries
* internally we store them for usage in LDAP filters
* @brief converts a stored DN so it can be used as base parameter for LDAP queries, internally we store them for usage in LDAP filters
* @param string $dn the DN
* @return string
*/
private function DNasBaseParameter($dn) {
return str_ireplace('\\5c', '\\', $dn);
@ -1194,12 +1219,14 @@ class Access extends LDAPUtility {
/**
* @brief checks if the given DN is part of the given base DN(s)
* @param $dn the DN
* @param string $dn the DN
* @param $bases array containing the allowed base DN or DNs
* @returns Boolean
* @return bool
*/
private function isDNPartOfBase($dn, $bases) {
$belongsToBase = false;
$bases = $this->sanitizeDN($bases);
foreach($bases as $base) {
$belongsToBase = true;
if(mb_strripos($dn, $base, 0, 'UTF-8') !== (mb_strlen($dn, 'UTF-8')-mb_strlen($base, 'UTF-8'))) {
@ -1214,11 +1241,11 @@ class Access extends LDAPUtility {
/**
* @brief get a cookie for the next LDAP paged search
* @param $base a string with the base DN for the search
* @param $filter the search filter to identify the correct search
* @param $limit the limit (or 'pageSize'), to identify the correct search well
* @param $offset the offset for the new search to identify the correct search really good
* @returns string containing the key or empty if none is cached
* @param string $base a string with the base DN for the search
* @param string $filter the search filter to identify the correct search
* @param int $limit the limit (or 'pageSize'), to identify the correct search well
* @param int $offset the offset for the new search to identify the correct search really good
* @return string containing the key or empty if none is cached
*/
private function getPagedResultCookie($base, $filter, $limit, $offset) {
if($offset === 0) {
@ -1226,10 +1253,10 @@ class Access extends LDAPUtility {
}
$offset -= $limit;
//we work with cache here
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' . intval($limit) . '-' . intval($offset);
$cookie = '';
if(isset($this->cookies[$cachekey])) {
$cookie = $this->cookies[$cachekey];
if(isset($this->cookies[$cacheKey])) {
$cookie = $this->cookies[$cacheKey];
if(is_null($cookie)) {
$cookie = '';
}
@ -1239,22 +1266,22 @@ class Access extends LDAPUtility {
/**
* @brief set a cookie for LDAP paged search run
* @param $base a string with the base DN for the search
* @param $filter the search filter to identify the correct search
* @param $limit the limit (or 'pageSize'), to identify the correct search well
* @param $offset the offset for the run search to identify the correct search really good
* @param $cookie string containing the cookie returned by ldap_control_paged_result_response
* @param string $base a string with the base DN for the search
* @param string $filter the search filter to identify the correct search
* @param int $limit the limit (or 'pageSize'), to identify the correct search well
* @param int $offset the offset for the run search to identify the correct search really good
* @param string $cookie string containing the cookie returned by ldap_control_paged_result_response
* @return void
*/
private function setPagedResultCookie($base, $filter, $limit, $offset, $cookie) {
if(!empty($cookie)) {
$cachekey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
$this->cookies[$cachekey] = $cookie;
$cacheKey = 'lc' . crc32($base) . '-' . crc32($filter) . '-' .intval($limit) . '-' . intval($offset);
$this->cookies[$cacheKey] = $cookie;
}
}
/**
* @brief check wether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
* @brief Check whether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search.
* @return boolean|null true on success, null or false otherwise
*/
public function getPagedSearchResultState() {
@ -1263,15 +1290,14 @@ class Access extends LDAPUtility {
return $result;
}
/**
* @brief prepares a paged search, if possible
* @param $filter the LDAP filter for the search
* @param $bases an array containing the LDAP subtree(s) that shall be searched
* @param $attr optional, when a certain attribute shall be filtered outside
* @param $limit
* @param $offset
*
* @brief Prepares a paged search, if possible
* @param string $filter the LDAP filter for the search
* @param array $bases an array containing the LDAP subtree(s) that shall be searched
* @param array $attr optional, when a certain attribute shall be filtered outside
* @param int $limit
* @param int $offset
* @return bool|true
*/
private function initPagedSearch($filter, $bases, $attr, $limit, $offset) {
$pagedSearchOK = false;
@ -1287,8 +1313,9 @@ class Access extends LDAPUtility {
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
if(empty($cookie) && ($offset > 0)) {
// no cookie known, although the offset is not 0. Maybe cache run out. We need
// to start all over *sigh* (btw, Dear Reader, did you need LDAP paged
// to start all over *sigh* (btw, Dear Reader, did you know LDAP paged
// searching was designed by MSFT?)
// Lukas: No, but thanks to reading that source I finally know!
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
//a bit recursive, $offset of 0 is the exit
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);


@ -30,7 +30,7 @@ abstract class BackendUtility {
/**
* @brief constructor, make sure the subclasses call this one!
* @param $access an instance of Access for LDAP interaction
* @param Access $access an instance of Access for LDAP interaction
*/
public function __construct(Access $access) {
$this->access = $access;


@ -81,25 +81,37 @@ class Configuration {
);
/**
* @param string $configPrefix
* @param $configPrefix
* @param bool $autoRead
*/
public function __construct($configPrefix, $autoread = true) {
public function __construct($configPrefix, $autoRead = true) {
$this->configPrefix = $configPrefix;
if($autoread) {
if($autoRead) {
$this->readConfiguration();
}
}
/**
* @param $name
* @return mixed|void
*/
public function __get($name) {
if(isset($this->config[$name])) {
return $this->config[$name];
}
}
/**
* @param $name
* @param $value
*/
public function __set($name, $value) {
$this->setConfiguration(array($name => $value));
}
/**
* @return array
*/
public function getConfiguration() {
return $this->config;
}
@ -110,7 +122,7 @@ class Configuration {
* must call saveConfiguration afterwards.
* @param $config array that holds the config parameters in an associated
* array
* @param &$applied optional; array where the set fields will be given to
* @param array &$applied optional; array where the set fields will be given to
* @return false|null
*/
public function setConfiguration($config, &$applied = null) {
@ -119,11 +131,11 @@ class Configuration {
}
$cta = $this->getConfigTranslationArray();
foreach($config as $inputkey => $val) {
if(strpos($inputkey, '_') !== false && array_key_exists($inputkey, $cta)) {
$key = $cta[$inputkey];
} elseif(array_key_exists($inputkey, $this->config)) {
$key = $inputkey;
foreach($config as $inputKey => $val) {
if(strpos($inputKey, '_') !== false && array_key_exists($inputKey, $cta)) {
$key = $cta[$inputKey];
} elseif(array_key_exists($inputKey, $this->config)) {
$key = $inputKey;
} else {
continue;
}
@ -150,7 +162,7 @@ class Configuration {
}
$this->$setMethod($key, $val);
if(is_array($applied)) {
$applied[] = $inputkey;
$applied[] = $inputKey;
}
}
@ -164,7 +176,7 @@ class Configuration {
//some are determined
continue;
}
$dbkey = $cta[$key];
$dbKey = $cta[$key];
switch($key) {
case 'ldapBase':
case 'ldapBaseUsers':
@ -180,7 +192,7 @@ class Configuration {
break;
case 'ldapIgnoreNamingRules':
$readMethod = 'getSystemValue';
$dbkey = $key;
$dbKey = $key;
break;
case 'ldapAgentPassword':
$readMethod = 'getPwd';
@ -193,7 +205,7 @@ class Configuration {
$readMethod = 'getValue';
break;
}
$this->config[$key] = $this->$readMethod($dbkey);
$this->config[$key] = $this->$readMethod($dbKey);
}
$this->configRead = true;
}
@ -237,8 +249,12 @@ class Configuration {
}
}
protected function getMultiLine($varname) {
$value = $this->getValue($varname);
/**
* @param $varName
* @return array|string
*/
protected function getMultiLine($varName) {
$value = $this->getValue($varName);
if(empty($value)) {
$value = '';
} else {
@ -248,7 +264,11 @@ class Configuration {
return $value;
}
protected function setMultiLine($varname, $value) {
/**
* @param $varName
* @param $value
*/
protected function setMultiLine($varName, $value) {
if(empty($value)) {
$value = '';
} else if (!is_array($value)) {
@ -258,44 +278,69 @@ class Configuration {
}
}
$this->setValue($varname, $value);
$this->setValue($varName, $value);
}
protected function getPwd($varname) {
return base64_decode($this->getValue($varname));
/**
* @param $varName
* @return string
*/
protected function getPwd($varName) {
return base64_decode($this->getValue($varName));
}
protected function getLcValue($varname) {
return mb_strtolower($this->getValue($varname), 'UTF-8');
/**
* @param $varName
* @return string
*/
protected function getLcValue($varName) {
return mb_strtolower($this->getValue($varName), 'UTF-8');
}
protected function getSystemValue($varname) {
/**
* @param $varName
* @return string
*/
protected function getSystemValue($varName) {
//FIXME: if another system value is added, softcode the default value
return \OCP\Config::getSystemValue($varname, false);
return \OCP\Config::getSystemValue($varName, false);
}
protected function getValue($varname) {
/**
* @param $varName
* @return string
*/
protected function getValue($varName) {
static $defaults;
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
return \OCP\Config::getAppValue('user_ldap',
$this->configPrefix.$varname,
$defaults[$varname]);
$this->configPrefix.$varName,
$defaults[$varName]);
}
protected function setValue($varname, $value) {
$this->config[$varname] = $value;
/**
* @param $varName
* @param $value
*/
protected function setValue($varName, $value) {
$this->config[$varName] = $value;
}
protected function saveValue($varname, $value) {
/**
* @param $varName
* @param $value
* @return bool
*/
protected function saveValue($varName, $value) {
return \OCP\Config::setAppValue('user_ldap',
$this->configPrefix.$varname,
$this->configPrefix.$varName,
$value);
}
/**
* @returns an associative array with the default values. Keys are correspond
* @return array an associative array with the default values. Keys are correspond
* to config-value entries in the database table
*/
public function getDefaults() {
@ -350,7 +395,7 @@ class Configuration {
}
/**
* @return returns an array that maps internal variable names to database fields
* @return array that maps internal variable names to database fields
*/
public function getConfigTranslationArray() {
//TODO: merge them into one representation
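Review bot: The docblock added to `getPwd()` says only `@return string` and leaves out what a maintainer most needs to know: the method returns `base64_decode($this->getValue($varName))`, and the `ldapAgentPassword` key is read through it, so the stored value is only encoded, not protected. I would extend the docblock with a line such as `@return string the decoded value; base64 is an encoding, not encryption, so the stored app value is as sensitive as the plaintext password`. In the same section `getSystemValue()` is documented as `@return string` although it passes `false` as the default to `\OCP\Config::getSystemValue`, so `@return string|false` looks more accurate, assuming the default comes back when the key is unset.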


@ -43,8 +43,9 @@ class Connection extends LDAPUtility {
/**
* @brief Constructor
* @param $configPrefix a string with the prefix for the configkey column (appconfig table)
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
* @param ILDAPWrapper $ldap
* @param string $configPrefix a string with the prefix for the configkey column (appconfig table)
* @param string $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
*/
public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
parent::__construct($ldap);
@ -82,6 +83,10 @@ class Connection extends LDAPUtility {
!is_null($this->configID));
}
/**
* @param $name
* @return bool|mixed|void
*/
public function __get($name) {
if(!$this->configured) {
$this->readConfiguration();
@ -94,6 +99,10 @@ class Connection extends LDAPUtility {
return $this->configuration->$name;
}
/**
* @param $name
* @param $value
*/
public function __set($name, $value) {
$this->doNotValidate = false;
$before = $this->configuration->$name;
@ -109,9 +118,7 @@ class Connection extends LDAPUtility {
/**
* @brief initializes the LDAP backend
* @param $force read the config settings no matter what
*
* initializes the LDAP backend
* @param bool $force read the config settings no matter what
*/
public function init($force = false) {
$this->readConfiguration($force);
@ -119,7 +126,7 @@ class Connection extends LDAPUtility {
}
/**
* Returns the LDAP handler
* @brief Returns the LDAP handler
*/
public function getConnectionResource() {
if(!$this->ldapConnectionRes) {
@ -135,7 +142,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string|null $key
* @param $key
* @return string
*/
private function getCacheKey($key) {
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
@ -146,7 +154,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string $key
* @param $key
* @return mixed|null
*/
public function getFromCache($key) {
if(!$this->configured) {
@ -165,7 +174,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string $key
* @param $key
* @return bool
*/
public function isCached($key) {
if(!$this->configured) {
@ -179,7 +189,8 @@ class Connection extends LDAPUtility {
}
/**
* @param string $key
* @param $key
* @param $value
*/
public function writeToCache($key, $value) {
if(!$this->configured) {
@ -200,7 +211,7 @@ class Connection extends LDAPUtility {
/**
* @brief Caches the general LDAP configuration.
* @param $force optional. true, if the re-read should be forced. defaults
* @param bool $force optional. true, if the re-read should be forced. defaults
* to false.
* @return null
*/
@ -214,7 +225,7 @@ class Connection extends LDAPUtility {
/**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
* @param array &$setParameters optional; array where the set fields will be given to
* @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/
public function setConfiguration($config, &$setParameters = null) {
@ -326,9 +337,9 @@ class Connection extends LDAPUtility {
}
//make sure empty search attributes are saved as simple, empty array
$sakeys = array('ldapAttributesForUserSearch',
$saKeys = array('ldapAttributesForUserSearch',
'ldapAttributesForGroupSearch');
foreach($sakeys as $key) {
foreach($saKeys as $key) {
$val = $this->configuration->$key;
if(is_array($val) && count($val) === 1 && empty($val[0])) {
$this->configuration->$key = array();
@ -345,6 +356,9 @@ class Connection extends LDAPUtility {
}
}
/**
* @return bool
*/
private function doCriticalValidation() {
$configurationOK = true;
$errorStr = 'Configuration Error (prefix '.
@ -420,7 +434,7 @@ class Connection extends LDAPUtility {
/**
* @brief Validates the user specified configuration
* @returns true if configuration seems OK, false otherwise
* @return bool true if configuration seems OK, false otherwise
*/
private function validateConfiguration() {
@ -435,8 +449,8 @@ class Connection extends LDAPUtility {
// necessary, but advisable. If left empty, give an info message
$this->doSoftValidation();
//second step: critical checks. If left empty or filled wrong, set as
//unconfigured and give a warning.
//second step: critical checks. If left empty or filled wrong, mark as
//not configured and give a warning.
return $this->doCriticalValidation();
}
@ -508,12 +522,17 @@ class Connection extends LDAPUtility {
}
}
/**
* @param $host
* @param $port
* @return false|void
*/
private function doConnect($host, $port) {
if(empty($host)) {
return false;
}
if(strpos($host, '://') !== false) {
//ldap_connect ignores port paramater when URLs are passed
//ldap_connect ignores port parameter when URLs are passed
$host .= ':' . $port;
}
$this->ldapConnectionRes = $this->ldap->connect($host, $port);
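Review bot: The new constructor docblock types `$configID` as `string` while its own description says "or null for on-the-fly connections", and the visible `!is_null($this->configID)` check shows null is a real case; the tag should read `@param string|null $configID`. The docblocks of `getCacheKey()`, `getFromCache()`, `isCached()` and `writeToCache()` appear to go the other way, replacing a typed `@param string $key` (`string|null` on `getCacheKey()`) with an untyped `@param $key`. If the untyped lines are the new side, the types should be kept. The added/removed markers are lost on this page, so that second point is inferred from print order only.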


@ -27,7 +27,7 @@ class Helper {
/**
* @brief returns prefixes for each saved LDAP/AD server configuration.
* @param bool optional, whether only active configuration shall be
* @param bool $activeConfigurations optional, whether only active configuration shall be
* retrieved, defaults to false
* @return array with a list of the available prefixes
*
@ -80,7 +80,7 @@ class Helper {
/**
*
* @brief determines the host for every configured connection
* @return an array with configprefix as keys
* @return array an array with configprefix as keys
*
*/
static public function getServerConfigurationHosts() {
@ -107,7 +107,7 @@ class Helper {
/**
* @brief deletes a given saved LDAP/AD server configuration.
* @param string the configuration prefix of the config to delete
* @param string $prefix the configuration prefix of the config to delete
* @return bool true on success, false otherwise
*/
static public function deleteServerConfiguration($prefix) {
@ -148,7 +148,7 @@ class Helper {
* Truncate's the given mapping table
*
* @param string $mapping either 'user' or 'group'
* @return boolean true on success, false otherwise
* @return bool true on success, false otherwise
*/
static public function clearMapping($mapping) {
if($mapping === 'user') {
@ -177,8 +177,8 @@ class Helper {
/**
* @brief extractsthe domain from a given URL
* @param $url the URL
* @return mixed, domain as string on success, false otherwise
* @param string $url the URL
* @return string|false domain as string on success, false otherwise
*/
static public function getDomainFromURL($url) {
$uinfo = parse_url($url);


@ -30,9 +30,9 @@ interface ILDAPWrapper {
/**
* @brief Bind to LDAP directory
* @param resource $link LDAP link resource
* @param $dn an RDN to log in with
* @param $password the password
* @return true on success, false otherwise
* @param string $dn an RDN to log in with
* @param string $password the password
* @return bool true on success, false otherwise
*
* with $dn and $password as null a anonymous bind is attempted.
*/
@ -40,28 +40,28 @@ interface ILDAPWrapper {
/**
* @brief connect to an LDAP server
* @param $host The host to connect to
* @param $port The port to connect to
* @return a link resource on success, otherwise false
* @param string $host The host to connect to
* @param string $port The port to connect to
* @return mixed a link resource on success, otherwise false
*/
public function connect($host, $port);
/**
* @brief Send LDAP pagination control
* @param $link LDAP link resource
* @param $pagesize number of results per page
* @param boolean $isCritical Indicates whether the pagination is critical of not.
* @param $cookie structure sent by LDAP server
* @param resource $link LDAP link resource
* @param int $pageSize number of results per page
* @param bool $isCritical Indicates whether the pagination is critical of not.
* @param array $cookie structure sent by LDAP server
* @return true on success, false otherwise
*/
public function controlPagedResult($link, $pagesize, $isCritical, $cookie);
public function controlPagedResult($link, $pageSize, $isCritical, $cookie);
/**
* @brief Retrieve the LDAP pagination cookie
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param $cookie structure sent by LDAP server
* @return boolean on success, false otherwise
* @param array $cookie structure sent by LDAP server
* @return bool true on success, false otherwise
*
* Corresponds to ldap_control_paged_result_response
*/
@ -69,101 +69,101 @@ interface ILDAPWrapper {
/**
* @brief Count the number of entries in a search
* @param $link LDAP link resource
* @param $result LDAP result resource
* @return mixed, number of results on success, false otherwise
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return int|false number of results on success, false otherwise
*/
public function countEntries($link, $result);
/**
* @brief Return the LDAP error number of the last LDAP command
* @param $link LDAP link resource
* @return error message as string
* @param resource $link LDAP link resource
* @return string error message as string
*/
public function errno($link);
/**
* @brief Return the LDAP error message of the last LDAP command
* @param $link LDAP link resource
* @return error code as integer
* @param resource $link LDAP link resource
* @return int error code as integer
*/
public function error($link);
/**
* @brief Return first result id
* @param $link LDAP link resource
* @param $result LDAP result resource
* @return an LDAP search result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return Resource an LDAP search result resource
* */
public function firstEntry($link, $result);
/**
* @brief Get attributes from a search result entry
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return array containing the results, false on error
* */
public function getAttributes($link, $result);
/**
* @brief Get the DN of a result entry
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return string containing the DN, false on error
*/
public function getDN($link, $result);
/**
* @brief Get all result entries
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param resource $link LDAP link resource
* @param resource $result LDAP result resource
* @return array containing the results, false on error
*/
public function getEntries($link, $result);
/**
* @brief Return next result id
* @param $link LDAP link resource
* @param resource $link LDAP link resource
* @param resource $result LDAP entry result resource
* @return an LDAP search result resource
* @return resource an LDAP search result resource
* */
public function nextEntry($link, $result);
/**
* @brief Read an entry
* @param $link LDAP link resource
* @param $baseDN The DN of the entry to read from
* @param $filter An LDAP filter
* @param $attr array of the attributes to read
* @return an LDAP search result resource
* @param resource $link LDAP link resource
* @param array $baseDN The DN of the entry to read from
* @param string $filter An LDAP filter
* @param array $attr array of the attributes to read
* @return resource an LDAP search result resource
*/
public function read($link, $baseDN, $filter, $attr);
/**
* @brief Search LDAP tree
* @param $link LDAP link resource
* @param $baseDN The DN of the entry to read from
* @param $filter An LDAP filter
* @param $attr array of the attributes to read
* @param $attrsonly optional, 1 if only attribute types shall be returned
* @param $limit optional, limits the result entries
* @return an LDAP search result resource, false on error
* @param resource $link LDAP link resource
* @param string $baseDN The DN of the entry to read from
* @param string $filter An LDAP filter
* @param array $attr array of the attributes to read
* @param int $attrsOnly optional, 1 if only attribute types shall be returned
* @param int $limit optional, limits the result entries
* @return resource|false an LDAP search result resource, false on error
*/
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0);
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0);
/**
* @brief Sets the value of the specified option to be $value
* @param $link LDAP link resource
* @param $option a defined LDAP Server option
* @param integer $value the new value for the option
* @return true on success, false otherwise
* @param resource $link LDAP link resource
* @param string $option a defined LDAP Server option
* @param int $value the new value for the option
* @return bool true on success, false otherwise
*/
public function setOption($link, $option, $value);
/**
* @brief establish Start TLS
* @param $link LDAP link resource
* @return true on success, false otherwise
* @param resource|$link LDAP link resource
* @return bool true on success, false otherwise
*/
public function startTls($link);
@ -171,35 +171,35 @@ interface ILDAPWrapper {
* @brief Sort the result of a LDAP search
* @param $link LDAP link resource
* @param $result LDAP result resource
* @param $sortfilter attribute to use a key in sort
* @param string $sortFilter attribute to use a key in sort
*/
public function sort($link, $result, $sortfilter);
public function sort($link, $result, $sortFilter);
/**
* @brief Unbind from LDAP directory
* @param resource $link LDAP link resource
* @return true on success, false otherwise
* @return bool true on success, false otherwise
*/
public function unbind($link);
//additional required methods in owncloud
//additional required methods in ownCloud
/**
* @brief Checks whether the server supports LDAP
* @return boolean if it the case, false otherwise
* @return bool true if it the case, false otherwise
* */
public function areLDAPFunctionsAvailable();
/**
* @brief Checks whether PHP supports LDAP Paged Results
* @return boolean if it the case, false otherwise
* @return bool true if it the case, false otherwise
* */
public function hasPagedResultSupport();
/**
* @brief Checks whether the submitted parameter is a resource
* @param $resource the resource variable to check
* @return boolean if it is a resource, false otherwise
* @param resource $resource the resource variable to check
* @return bool true if it is a resource, false otherwise
*/
public function isResource($resource);
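Review bot: The return types added to `errno()` and `error()` are swapped against their summaries: `errno()` is described as returning the error number but gets `@return string error message as string`, and `error()` is described as returning the error message but gets `@return int error code as integer`. They should be `@return int error code as integer` on `errno()` and `@return string error message as string` on `error()`. Two other new tags in this section are malformed or inconsistent: `@param resource|$link` on `startTls()` should be `@param resource $link`, and `read()` documents `$baseDN` as `array` while `search()` documents the same parameter as `string`. `bind()` types `$dn` and `$password` as `string` although its description says that null for both attempts an anonymous bind, so `string|null` would state that contract.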


@ -33,6 +33,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
$this->interval = self::getRefreshInterval();
}
/**
* @param $argument
*/
public function run($argument){
Jobs::updateGroups();
}
@ -57,11 +60,17 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Finished.', \OCP\Util::DEBUG);
}
/**
* @return int
*/
static private function getRefreshInterval() {
//defaults to every hour
return \OCP\Config::getAppValue('user_ldap', 'bgjRefreshInterval', 3600);
}
/**
* @param $groups
*/
static private function handleKnownGroups($groups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" Dealing with known Groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare('
@ -97,6 +106,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG);
}
/**
* @param $createdGroups
*/
static private function handleCreatedGroups($createdGroups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with created Groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare('
@ -116,6 +128,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG);
}
/**
* @param $removedGroups
*/
static private function handleRemovedGroups($removedGroups) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" dealing with removed groups.', \OCP\Util::DEBUG);
$query = \OCP\DB::prepare('
@ -134,6 +149,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
\OCP\Util::DEBUG);
}
/**
* @return \OCA\user_ldap\GROUP_LDAP|\OCA\user_ldap\Group_Proxy
*/
static private function getGroupBE() {
if(!is_null(self::$groupBE)) {
return self::$groupBE;
@ -152,6 +170,9 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
return self::$groupBE;
}
/**
* @return array
*/
static private function getKnownGroups() {
if(is_array(self::$groupsFromDB)) {
return self::$groupsFromDB;


@ -27,14 +27,31 @@ class LDAP implements ILDAPWrapper {
protected $curFunc = '';
protected $curArgs = array();
/**
* @param resource $link
* @param string $dn
* @param string $password
* @return bool|mixed
*/
public function bind($link, $dn, $password) {
return $this->invokeLDAPMethod('bind', $link, $dn, $password);
}
/**
* @param string $host
* @param string $port
* @return mixed
*/
public function connect($host, $port) {
return $this->invokeLDAPMethod('connect', $host, $port);
}
/**
* @param LDAP $link
* @param LDAP $result
* @param $cookie
* @return bool|LDAP
*/
public function controlPagedResultResponse($link, $result, &$cookie) {
$this->preFunctionCall('ldap_control_paged_result_response',
array($link, $result, $cookie));
@ -44,64 +61,144 @@ class LDAP implements ILDAPWrapper {
return $result;
}
public function controlPagedResult($link, $pagesize, $isCritical, $cookie) {
return $this->invokeLDAPMethod('control_paged_result', $link, $pagesize,
/**
* @param LDAP $link
* @param int $pageSize
* @param bool $isCritical
* @param array $cookie
* @return mixed|true
*/
public function controlPagedResult($link, $pageSize, $isCritical, $cookie) {
return $this->invokeLDAPMethod('control_paged_result', $link, $pageSize,
$isCritical, $cookie);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed
*/
public function countEntries($link, $result) {
return $this->invokeLDAPMethod('count_entries', $link, $result);
}
/**
* @param LDAP $link
* @return mixed|string
*/
public function errno($link) {
return $this->invokeLDAPMethod('errno', $link);
}
/**
* @param LDAP $link
* @return int|mixed
*/
public function error($link) {
return $this->invokeLDAPMethod('error', $link);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed
*/
public function firstEntry($link, $result) {
return $this->invokeLDAPMethod('first_entry', $link, $result);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return array|mixed
*/
public function getAttributes($link, $result) {
return $this->invokeLDAPMethod('get_attributes', $link, $result);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return mixed|string
*/
public function getDN($link, $result) {
return $this->invokeLDAPMethod('get_dn', $link, $result);
}
/**
* @param LDAP $link
* @param LDAP $result
* @return array|mixed
*/
public function getEntries($link, $result) {
return $this->invokeLDAPMethod('get_entries', $link, $result);
}
/**
* @param LDAP $link
* @param resource $result
* @return mixed|an
*/
public function nextEntry($link, $result) {
return $this->invokeLDAPMethod('next_entry', $link, $result);
}
/**
* @param LDAP $link
* @param string $baseDN
* @param string $filter
* @param array $attr
* @return mixed
*/
public function read($link, $baseDN, $filter, $attr) {
return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
}
public function search($link, $baseDN, $filter, $attr, $attrsonly = 0, $limit = 0) {
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter,
$attr, $attrsonly, $limit);
/**
* @param LDAP $link
* @param string $baseDN
* @param string $filter
* @param array $attr
* @param int $attrsOnly
* @param int $limit
* @return mixed
*/
public function search($link, $baseDN, $filter, $attr, $attrsOnly = 0, $limit = 0) {
return $this->invokeLDAPMethod('search', $link, $baseDN, $filter, $attr, $attrsOnly, $limit);
}
/**
* @param LDAP $link
* @param string $option
* @param int $value
* @return bool|mixed
*/
public function setOption($link, $option, $value) {
return $this->invokeLDAPMethod('set_option', $link, $option, $value);
}
public function sort($link, $result, $sortfilter) {
return $this->invokeLDAPMethod('sort', $link, $result, $sortfilter);
/**
* @param LDAP $link
* @param LDAP $result
* @param string $sortFilter
* @return mixed
*/
public function sort($link, $result, $sortFilter) {
return $this->invokeLDAPMethod('sort', $link, $result, $sortFilter);
}
/**
* @param LDAP $link
* @return mixed|true
*/
public function startTls($link) {
return $this->invokeLDAPMethod('start_tls', $link);
}
/**
* @param resource $link
* @return bool|mixed
*/
public function unbind($link) {
return $this->invokeLDAPMethod('unbind', $link);
}
@ -126,13 +223,16 @@ class LDAP implements ILDAPWrapper {
/**
* @brief Checks whether the submitted parameter is a resource
* @param $resource the resource variable to check
* @return boolean if it is a resource, false otherwise
* @param Resource $resource the resource variable to check
* @return bool true if it is a resource, false otherwise
*/
public function isResource($resource) {
return is_resource($resource);
}
/**
* @return mixed
*/
private function invokeLDAPMethod() {
$arguments = func_get_args();
$func = 'ldap_' . array_shift($arguments);
@ -148,6 +248,7 @@ class LDAP implements ILDAPWrapper {
/**
* @param string $functionName
* @param $args
*/
private function preFunctionCall($functionName, $args) {
$this->curFunc = $functionName;
@ -181,4 +282,4 @@ class LDAP implements ILDAPWrapper {
$this->curFunc = '';
$this->curArgs = array();
}
}
}
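Review bot: Most docblocks added in this class declare the handle parameters as `@param LDAP $link` and `@param LDAP $result`, which names this wrapper class rather than the PHP resource that `ILDAPWrapper` documents (`@param resource $link`). Static analysis will then expect an `LDAP` instance where a connection or result handle is passed. They should read `@param resource $link` and `@param resource $result`, as the new docblocks on `bind()` and `unbind()` already do. `nextEntry()` also carries `@return mixed|an`, where `an` is not a type and looks like a leftover of the interface text "an LDAP search result resource"; plain `@return mixed` would be correct. `invokeLDAPMethod()` builds the function name as `'ldap_' . array_shift($arguments)`, so its new `@return mixed` docblock could also state that the first argument must be a fixed suffix supplied by this class; its body continues outside the hunk.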


@ -28,7 +28,7 @@ abstract class LDAPUtility {
/**
* @brief constructor, make sure the subclasses call this one!
* @param $ldapWrapper an instance of an ILDAPWrapper
* @param ILDAPWrapper $ldapWrapper an instance of an ILDAPWrapper
*/
public function __construct(ILDAPWrapper $ldapWrapper) {
$this->ldap = $ldapWrapper;


@ -29,16 +29,26 @@ abstract class Proxy {
static private $accesses = array();
private $ldap = null;
/**
* @param ILDAPWrapper $ldap
*/
public function __construct(ILDAPWrapper $ldap) {
$this->ldap = $ldap;
$this->cache = \OC_Cache::getGlobalCache();
}
/**
* @param $configPrefix
*/
private function addAccess($configPrefix) {
$connector = new Connection($this->ldap, $configPrefix);
self::$accesses[$configPrefix] = new Access($connector, $this->ldap);
}
/**
* @param $configPrefix
* @return mixed
*/
protected function getAccess($configPrefix) {
if(!isset(self::$accesses[$configPrefix])) {
$this->addAccess($configPrefix);
@ -46,30 +56,45 @@ abstract class Proxy {
return self::$accesses[$configPrefix];
}
/**
* @param $uid
* @return string
*/
protected function getUserCacheKey($uid) {
return 'user-'.$uid.'-lastSeenOn';
}
/**
* @param $gid
* @return string
*/
protected function getGroupCacheKey($gid) {
return 'group-'.$gid.'-lastSeenOn';
}
/**
* @param boolean $passOnWhen
* @param string $method
* @param $id
* @param $method
* @param $parameters
* @param bool $passOnWhen
* @return mixed
*/
abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen);
/**
* @param string $method
* @param $id
* @param $method
* @param $parameters
* @return mixed
*/
abstract protected function walkBackends($id, $method, $parameters);
/**
* @brief Takes care of the request to the User backend
* @param $uid string, the uid connected to the request
* @param $id
* @param string $method string, the method of the user backend that shall be called
* @param $parameters an array of parameters to be passed
* @param array $parameters an array of parameters to be passed
* @param bool $passOnWhen
* @return mixed, the result of the specified method
*/
protected function handleRequest($id, $method, $parameters, $passOnWhen = false) {
@ -81,7 +106,8 @@ abstract class Proxy {
}
/**
* @param string|null $key
* @param $key
* @return string
*/
private function getCacheKey($key) {
$prefix = 'LDAP-Proxy-';
@ -92,7 +118,8 @@ abstract class Proxy {
}
/**
* @param string $key
* @param $key
* @return mixed|null
*/
public function getFromCache($key) {
if(!$this->isCached($key)) {
@ -104,7 +131,8 @@ abstract class Proxy {
}
/**
* @param string $key
* @param $key
* @return bool
*/
public function isCached($key) {
$key = $this->getCacheKey($key);
@ -112,7 +140,8 @@ abstract class Proxy {
}
/**
* @param string $key
* @param $key
* @param $value
*/
public function writeToCache($key, $value) {
$key = $this->getCacheKey($key);
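Review bot: The docblock added above getAccess() says `@return mixed`, but the only value stored in `self::$accesses` anywhere in this file section is `new Access($connector, $this->ldap)` in addAccess(), so `@return Access` states the real type and lets an IDE resolve calls on the result. The `@param $configPrefix`, `@param $uid` and `@param $gid` tags carry no type at all; each value is used as an array index or concatenated into a cache key, so `@param string $configPrefix` (and likewise for the other two) looks right, though the callers are outside this page. The page does not mark which doc lines are old and which are new, so where a typed and an untyped tag for the same parameter are both printed (for example `@param string|null $key` next to `@param $key`), the typed one is the one worth keeping.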


@ -45,8 +45,8 @@ class Wizard extends LDAPUtility {
/**
* @brief Constructor
* @param $configuration an instance of Configuration
* @param $ldap an instance of ILDAPWrapper
* @param Configuration $configuration an instance of Configuration
* @param ILDAPWrapper $ldap an instance of ILDAPWrapper
*/
public function __construct(Configuration $configuration, ILDAPWrapper $ldap) {
parent::__construct($ldap);
@ -63,6 +63,10 @@ class Wizard extends LDAPUtility {
}
}
/**
* @return WizardResult
* @throws \Exception
*/
public function countGroups() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -96,6 +100,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function countUsers() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -125,7 +133,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function determineAttributes() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -152,6 +163,7 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the Group Filter Mode
* @return WizardResult
*/
public function getGroupFilterMode() {
$this->getFilterMode('ldapGroupFilterMode');
@ -160,6 +172,7 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the Login Filter Mode
* @return WizardResult
*/
public function getLoginFilterMode() {
$this->getFilterMode('ldapLoginFilterMode');
@ -168,6 +181,7 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the User Filter Mode
* @return WizardResult
*/
public function getUserFilterMode() {
$this->getFilterMode('ldapUserFilterMode');
@ -176,19 +190,20 @@ class Wizard extends LDAPUtility {
/**
* @brief return the state of the mode of the specified filter
* @param string $confkey string, contains the access key of the Configuration
* @param string $confKey contains the access key of the Configuration
*/
private function getFilterMode($confkey) {
$mode = $this->configuration->$confkey;
private function getFilterMode($confKey) {
$mode = $this->configuration->$confKey;
if(is_null($mode)) {
$mode = $this->LFILTER_MODE_ASSISTED;
}
$this->result->addChange($confkey, $mode);
$this->result->addChange($confKey, $mode);
}
/**
* @brief detects the available LDAP attributes
* @returns the instance's WizardResult instance
* @return array The instance's WizardResult instance
* @throws \Exception
*/
private function getUserAttributes() {
if(!$this->checkRequirements(array('ldapHost',
@ -221,7 +236,7 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
* @return WizardResult the instance's WizardResult instance
*/
public function determineGroupsForGroups() {
return $this->determineGroups('ldap_groupfilter_groups',
@ -231,7 +246,7 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
* @return WizardResult the instance's WizardResult instance
*/
public function determineGroupsForUsers() {
return $this->determineGroups('ldap_userfilter_groups',
@ -240,11 +255,13 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available LDAP groups
* @param string $dbkey
* @param string $confkey
* @returns the instance's WizardResult instance
* @param string $dbKey
* @param string $confKey
* @param bool $testMemberOf
* @return WizardResult the instance's WizardResult instance
* @throws \Exception
*/
private function determineGroups($dbkey, $confkey, $testMemberOf = true) {
private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapBase',
@ -256,8 +273,8 @@ class Wizard extends LDAPUtility {
throw new \Exception('Could not connect to LDAP');
}
$obclasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
$this->determineFeature($obclasses, 'cn', $dbkey, $confkey);
$obClasses = array('posixGroup', 'group', 'zimbraDistributionList', '*');
$this->determineFeature($obClasses, 'cn', $dbKey, $confKey);
if($testMemberOf) {
$this->configuration->hasMemberOfFilterSupport = $this->testMemberOf();
@ -270,6 +287,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return bool|WizardResult
* @throws \Exception
*/
public function determineGroupMemberAssoc() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -289,8 +310,9 @@ class Wizard extends LDAPUtility {
}
/**
* @brief detects the available object classes
* @returns the instance's WizardResult instance
* @brief Detects the available object classes
* @return WizardResult the instance's WizardResult instance
* @throws \Exception
*/
public function determineGroupObjectClasses() {
if(!$this->checkRequirements(array('ldapHost',
@ -316,7 +338,8 @@ class Wizard extends LDAPUtility {
/**
* @brief detects the available object classes
* @returns the instance's WizardResult instance
* @return WizardResult
* @throws \Exception
*/
public function determineUserObjectClasses() {
if(!$this->checkRequirements(array('ldapHost',
@ -344,6 +367,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function getGroupFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -364,6 +391,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return WizardResult
* @throws \Exception
*/
public function getUserListFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -386,6 +417,10 @@ class Wizard extends LDAPUtility {
return $this->result;
}
/**
* @return bool|WizardResult
* @throws \Exception
*/
public function getUserLoginFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
@ -406,7 +441,8 @@ class Wizard extends LDAPUtility {
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
* @return WizardResult|false WizardResult on success, false otherwise
* @throws \Exception
*/
public function guessPortAndTLS() {
if(!$this->checkRequirements(array('ldapHost',
@ -444,7 +480,7 @@ class Wizard extends LDAPUtility {
/**
* @brief tries to determine a base dn from User DN or LDAP Host
* @returns mixed WizardResult on success, false otherwise
* @return WizardResult|false WizardResult on success, false otherwise
*/
public function guessBaseDN() {
if(!$this->checkRequirements(array('ldapHost',
@ -486,8 +522,7 @@ class Wizard extends LDAPUtility {
* @brief sets the found value for the configuration key in the WizardResult
* as well as in the Configuration instance
* @param string $key the configuration key
* @param $value the (detected) value
* @return null
* @param string $value the (detected) value
*
*/
private function applyFind($key, $value) {
@ -516,7 +551,8 @@ class Wizard extends LDAPUtility {
/**
* @brief tries to detect the group member association attribute which is
* one of 'uniqueMember', 'memberUid', 'member'
* @return mixed, string with the attribute name, false on error
* @return string|false, string with the attribute name, false on error
* @throws \Exception
*/
private function detectGroupMemberAssoc() {
$possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa');
@ -535,7 +571,7 @@ class Wizard extends LDAPUtility {
}
$er = $this->ldap->firstEntry($cr, $rr);
while(is_resource($er)) {
$dn = $this->ldap->getDN($cr, $er);
$this->ldap->getDN($cr, $er);
$attrs = $this->ldap->getAttributes($cr, $er);
$result = array();
for($i = 0; $i < count($possibleAttrs); $i++) {
@ -558,6 +594,7 @@ class Wizard extends LDAPUtility {
* @brief Checks whether for a given BaseDN results will be returned
* @param string $base the BaseDN to test
* @return bool true on success, false otherwise
* @throws \Exception
*/
private function testBaseDN($base) {
$cr = $this->getConnection();
@ -583,7 +620,8 @@ class Wizard extends LDAPUtility {
* @brief Checks whether the server supports memberOf in LDAP Filter.
* Requires that groups are determined, thus internally called from within
* determineGroups()
* @return bool, true if it does, false otherwise
* @return bool true if it does, false otherwise
* @throws \Exception
*/
private function testMemberOf() {
$cr = $this->getConnection();
@ -624,7 +662,8 @@ class Wizard extends LDAPUtility {
* @param integer $filterType int, for which use case the filter shall be created
* can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
* self::LFILTER_GROUP_LIST
* @return mixed, string with the filter on success, false otherwise
* @return string|false string with the filter on success, false otherwise
* @throws \Exception
*/
private function composeLdapFilter($filterType) {
$filter = '';
@ -765,9 +804,11 @@ class Wizard extends LDAPUtility {
/**
* Connects and Binds to an LDAP Server
* @param $port the port to connect with
* @param $tls whether startTLS is to be used
* @return
* @param int $port the port to connect with
* @param bool $tls whether startTLS is to be used
* @param bool $ncc
* @return bool
* @throws \Exception
*/
private function connectAndBind($port = 389, $tls = false, $ncc = false) {
if($ncc) {
@ -819,17 +860,17 @@ class Wizard extends LDAPUtility {
if($ncc) {
throw new \Exception('Certificate cannot be validated.');
}
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successfull to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap', 'Wiz: Bind successful to Port '. $port . ' TLS ' . intval($tls), \OCP\Util::DEBUG);
return true;
}
$errno = $this->ldap->errno($cr);
$errNo = $this->ldap->errno($cr);
$error = ldap_error($cr);
$this->ldap->unbind($cr);
if($errno === -1 || ($errno === 2 && $ncc)) {
if($errNo === -1 || ($errNo === 2 && $ncc)) {
//host, port or TLS wrong
return false;
} else if ($errno === 2) {
} else if ($errNo === 2) {
return $this->connectAndBind($port, $tls, true);
}
throw new \Exception($error);
@ -838,8 +879,7 @@ class Wizard extends LDAPUtility {
/**
* @brief checks whether a valid combination of agent and password has been
* provided (either two values or nothing for anonymous connect)
* @return boolean, true if everything is fine, false otherwise
*
* @return bool, true if everything is fine, false otherwise
*/
private function checkAgentRequirements() {
$agent = $this->configuration->ldapAgentName;
@ -850,7 +890,8 @@ class Wizard extends LDAPUtility {
}
/**
* @param string[] $reqs
* @param array $reqs
* @return bool
*/
private function checkRequirements($reqs) {
$this->checkAgentRequirements();
@ -874,8 +915,7 @@ class Wizard extends LDAPUtility {
* The lower, the faster
* @param string $maxF string. if not null, this variable will have the filter that
* yields most result entries
* @return mixed, an array with the values on success, false otherwise
*
* @return array|false an array with the values on success, false otherwise
*/
public function cumulativeSearchOnAttribute($filters, $attr, $lfw = true, $dnReadLimit = 3, &$maxF = null) {
$dnRead = array();
@ -949,7 +989,8 @@ class Wizard extends LDAPUtility {
* Configuration class
* @param $po boolean, whether the objectClass with most result entries
* shall be pre-selected via the result
* @returns array, list of found items.
* @return array, list of found items.
* @throws \Exception
*/
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
$cr = $this->getConnection();
@ -1013,7 +1054,7 @@ class Wizard extends LDAPUtility {
return self::LRESULT_PROCESSED_INVALID;
}
//strtolower on all keys for proper comparison
// strtolower on all keys for proper comparison
$result = \OCP\Util::mb_array_change_key_case($result);
$attribute = strtolower($attribute);
if(isset($result[$attribute])) {
@ -1031,6 +1072,9 @@ class Wizard extends LDAPUtility {
}
}
/**
* @return bool|mixed
*/
private function getConnection() {
if(!is_null($this->cr)) {
return $this->cr;
@ -1057,6 +1101,9 @@ class Wizard extends LDAPUtility {
return false;
}
/**
* @return array
*/
private function getDefaultLdapPortSettings() {
static $settings = array(
array('port' => 7636, 'tls' => false),
@ -1069,6 +1116,9 @@ class Wizard extends LDAPUtility {
return $settings;
}
/**
* @return array
*/
private function getPortSettingsToTry() {
//389 ← LDAP / Unencrypted or StartTLS
//636 ← LDAPS / SSL
@ -1096,4 +1146,4 @@ class Wizard extends LDAPUtility {
}
}
}
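Review bot: In connectAndBind() the new tag `@param bool $ncc` has no description, although it is the one parameter in that hunk that decides how a TLS certificate failure is handled. From the visible lines, a bind that fails with error 2 is retried once with `$ncc` set to true, and a bind that succeeds in that mode is not accepted but raises 'Certificate cannot be validated.'. What the opening `if($ncc)` branch changes lies outside the hunk; presumably it relaxes certificate checking for the retry. I would spell this out, for example `@param bool $ncc internal retry flag: true when re-trying after error 2 to find out whether certificate validation was the cause`, and add that, as far as the visible part shows, a call with `$ncc` set never returns true. `@return bool` could likewise say: true on a successful bind, false when host, port or TLS are wrong.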


@ -28,10 +28,17 @@ class WizardResult {
protected $options = array();
protected $markedChange = false;
/**
* @param $key
* @param $value
*/
public function addChange($key, $value) {
$this->changes[$key] = $value;
}
/**
*
*/
public function markChange() {
$this->markedChange = true;
}
@ -47,10 +54,16 @@ class WizardResult {
$this->options[$key] = $values;
}
/**
* @return bool
*/
public function hasChanges() {
return (count($this->changes) > 0 || $this->markedChange);
}
/**
* @return array
*/
public function getResultArray() {
$result = array();
$result['changes'] = $this->changes;
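Review bot: The docblock added above markChange() is empty, so it silences the IDE warning without documenting anything. hasChanges() in the same section returns true when `$this->markedChange` is set even if nothing was added to `$this->changes`, which is worth one line: `* Flags the result as changed without recording a key/value pair`. The `@param $key` and `@param $value` tags on addChange() are untyped as well; `$key` is used as an array index and the call in Wizard::getFilterMode() passes a string configuration key, so `@param string $key` would fit.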


@ -71,7 +71,7 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
case 'ladyofshadows':
return 'dnOfLadyOfShadows';
break;
defautl:
default:
return false;
}
}));


@ -136,7 +136,7 @@ class API implements IApi{
* @brief Emits a signal. To get data from the slot use references!
* @param string $signalClass class name of emitter
* @param string $signalName name of signal
* @param array $params defautl: array() array with additional data
* @param array $params default: array() array with additional data
* @return bool, true if slots exists or false if not
*/
public function emitHook($signalClass, $signalName, $params = array()) {


@ -45,7 +45,7 @@ class OC_Hook{
* @brief emits a signal
* @param string $signalclass class name of emitter
* @param string $signalname name of signal
* @param array $params defautl: array() array with additional data
* @param array $params default: array() array with additional data
* @return bool, true if slots exists or false if not
*
* Emits a signal. To get data from the slot use references!