From 514b34084a18ff924f36747f6a41cfbe8a2f724f Mon Sep 17 00:00:00 2001
From: =?utf8?q?C=C3=B4me=20Chilliet?=
Date: Thu, 4 Nov 2021 12:06:59 +0100
Subject: [PATCH] Change column names to ldap_dn and ldap_dn_hash and add migration
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Côme Chilliet
---
 .../user_ldap/lib/Mapping/AbstractMapping.php | 34 ++---
 .../Version1010Date20200630192842.php | 14 +-
 .../Version1130Date20211102154716.php | 139 ++++++++++++++++++
 3 files changed, 158 insertions(+), 29 deletions(-)
 create mode 100644 apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index 8d1236e7348..a2cc278aad5 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -67,8 +67,8 @@ abstract class AbstractMapping {
 */
 public function isColNameValid($col) {
 switch ($col) {
- case 'ldap_full_dn':
 case 'ldap_dn':
+ case 'ldap_dn_hash':
 case 'owncloud_name':
 case 'directory_uuid':
 return true;
@@ -135,7 +135,7 @@ abstract class AbstractMapping {
 */
 public function getDNByName($name) {
 $dn = array_search($name, $this->cache);
- if ($dn === false && ($dn = $this->getXbyY('ldap_full_dn', 'owncloud_name', $name)) !== false) {
+ if ($dn === false && ($dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name)) !== false) {
 $this->cache[$dn] = $name;
 }
 return $dn;
@@ -152,7 +152,7 @@ abstract class AbstractMapping {
 $oldDn = $this->getDnByUUID($uuid);
 $statement = $this->dbc->prepare('
 UPDATE `' . $this->getTableName() . '`
- SET `ldap_dn` = ?, `ldap_full_dn` = ?
+ SET `ldap_dn_hash` = ?, `ldap_dn` = ?
 WHERE `directory_uuid` = ?
 ');
@@ -179,7 +179,7 @@ abstract class AbstractMapping {
 $statement = $this->dbc->prepare('
 UPDATE `' . $this->getTableName() . '`
 SET `directory_uuid` = ?
- WHERE `ldap_dn` = ?
+ WHERE `ldap_dn_hash` = ?
 ');
 unset($this->cache[$fdn]);
@@ -188,7 +188,7 @@ abstract class AbstractMapping {
 }
 /**
- * Get the hash to store in database column ldap_dn for a given dn
+ * Get the hash to store in database column ldap_dn_hash for a given dn
 */
 protected function getDNHash(string $fdn): string {
 return (string)hash('sha256', $fdn, false);
@@ -202,7 +202,7 @@ abstract class AbstractMapping {
 */
 public function getNameByDN($fdn) {
 if (!isset($this->cache[$fdn])) {
- $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $this->getDNHash($fdn));
+ $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn_hash', $this->getDNHash($fdn));
 }
 return $this->cache[$fdn];
 }
@@ -212,17 +212,17 @@ abstract class AbstractMapping {
 */
 protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
 $qb = $this->dbc->getQueryBuilder();
- $qb->select('owncloud_name', 'ldap_dn', 'ldap_full_dn')
+ $qb->select('owncloud_name', 'ldap_dn_hash', 'ldap_dn')
 ->from($this->getTableName(false))
- ->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
+ ->where($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
 return $qb;
 }
 protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
 $stmt = $qb->execute();
 while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
- $results[$entry['ldap_full_dn']] = $entry['owncloud_name'];
- $this->cache[$entry['ldap_full_dn']] = $entry['owncloud_name'];
+ $results[$entry['ldap_dn']] = $entry['owncloud_name'];
+ $this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
 }
 $stmt->closeCursor();
 }
@@ -256,7 +256,7 @@ abstract class AbstractMapping {
 }
 if (!empty($fdnsSlice)) {
- $qb->orWhere($qb->expr()->in('ldap_dn', $qb->createNamedParameter($fdnsSlice, QueryBuilder::PARAM_STR_ARRAY)));
+ $qb->orWhere($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($fdnsSlice, QueryBuilder::PARAM_STR_ARRAY)));
 }
 if ($slice % $maxSlices === 0) {
@@ -310,7 +310,7 @@ abstract class AbstractMapping {
 }
 public function getDnByUUID($uuid) {
- return $this->getXbyY('ldap_full_dn', 'directory_uuid', $uuid);
+ return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
 }
 /**
@@ -321,7 +321,7 @@ abstract class AbstractMapping {
 * @throws \Exception
 */
 public function getUUIDByDN($dn) {
- return $this->getXbyY('directory_uuid', 'ldap_dn', $this->getDNHash($dn));
+ return $this->getXbyY('directory_uuid', 'ldap_dn_hash', $this->getDNHash($dn));
 }
 /**
@@ -334,7 +334,7 @@ abstract class AbstractMapping {
 public function getList($offset = null, $limit = null) {
 $query = $this->dbc->prepare('
 SELECT
- `ldap_full_dn` AS `dn`,
+ `ldap_dn` AS `dn`,
 `owncloud_name` AS `name`,
 `directory_uuid` AS `uuid`
 FROM `' . $this->getTableName() . '`',
@@ -356,8 +356,8 @@ abstract class AbstractMapping {
 */
 public function map($fdn, $name, $uuid) {
 $row = [
- 'ldap_dn' => $this->getDNHash($fdn),
- 'ldap_full_dn' => $fdn,
+ 'ldap_dn_hash' => $this->getDNHash($fdn),
+ 'ldap_dn' => $fdn,
 'owncloud_name' => $name,
 'directory_uuid' => $uuid
 ];
@@ -444,7 +444,7 @@ abstract class AbstractMapping {
 */
 public function count() {
 $qb = $this->dbc->getQueryBuilder();
- $query = $qb->select($qb->func()->count('ldap_dn'))
+ $query = $qb->select($qb->func()->count('ldap_dn_hash'))
 ->from($this->getTableName());
 $res = $query->execute();
 $count = $res->fetchOne();
diff --git a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
index 9f0faf752a3..e2c78ed59f8 100644
--- a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
+++ b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
@@ -47,12 +47,7 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
 $table = $schema->createTable('ldap_user_mapping');
 $table->addColumn('ldap_dn', Types::STRING, [
 'notnull' => true,
- 'length' => 64,
- 'default' => '',
- ]);
- $table->addColumn('ldap_full_dn', Types::STRING, [
- 'notnull' => true,
- 'length' => 4096,
+ 'length' => 255,
 'default' => '',
 ]);
 $table->addColumn('owncloud_name', Types::STRING, [
@@ -73,12 +68,7 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
 $table = $schema->createTable('ldap_group_mapping');
 $table->addColumn('ldap_dn', Types::STRING, [
 'notnull' => true,
- 'length' => 64,
- 'default' => '',
- ]);
- $table->addColumn('ldap_full_dn', Types::STRING, [
- 'notnull' => true,
- 'length' => 4096,
+ 'length' => 255,
 'default' => '',
 ]);
 $table->addColumn('owncloud_name', Types::STRING, [
diff --git a/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
new file mode 100644
index 00000000000..1d8ec577b9c
--- /dev/null
+++ b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
@@ -0,0 +1,139 @@
+dbc = $dbc;
+ $this->logger = $logger;
+ }
+
+ public function getName() {
+ return 'Adjust LDAP user and group ldap_dn column lengths and add ldap_dn_hash columns';
+ }
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ * @return null|ISchemaWrapper
+ */
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ $changeSchema = false;
+ foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) {
+ $table = $schema->getTable($tableName);
+ $column = $table->getColumn('ldap_dn_hash');
+ if (!$column) {
+ $table->addColumn('ldap_dn_hash', Types::STRING, [
+ 'notnull' => true,
+ 'length' => 64,
+ 'default' => '',
+ ]);
+ $changeSchema = true;
+ }
+ $column = $table->getColumn('ldap_dn');
+ if ($column->getLength() < 4096) {
+ $column->setLength(4096);
+ $changeSchema = true;
+ }
+ if ($table === 'ldap_user_mapping') {
+ if ($table->hasIndex('ldap_dn_users')) {
+ $table->dropIndex('ldap_dn_users');
+ $changeSchema = true;
+ }
+ if (!$table->hasIndex('ldap_user_dn_hashes')) {
+ $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes');
+ $changeSchema = true;
+ }
+ } else {
+ if ($table->hasIndex('owncloud_name_groups')) {
+ $table->dropIndex('owncloud_name_groups');
+ $changeSchema = true;
+ }
+ if (!$table->hasIndex('ldap_group_dn_hashes')) {
+ $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_group_dn_hashes');
+ $changeSchema = true;
+ }
+ if ($table->getPrimaryKeyColumns() !== ['owncloud_name']) {
+ $table->setPrimaryKey(['owncloud_name']);
+ $changeSchema = true;
+ }
+ }
+ }
+
+ return $changeSchema ? $schema : null;
+ }
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ */
+ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
+ $this->handleDNHashes('ldap_group_mapping');
+ $this->handleDNHashes('ldap_user_mapping');
+ }
+
+ protected function handleDNHashes(string $table): void {
+ $q = $this->getSelectQuery($table);
+ $u = $this->getUpdateQuery($table);
+
+ $r = $q->executeQuery();
+ while ($row = $r->fetch()) {
+ $dnHash = hash('sha256', $row['ldap_dn'], false);
+ $u->setParameter('name', $row['owncloud_name']);
+ $u->setParameter('dn_hash', $dnHash);
+ try {
+ $u->executeStatement();
+ } catch (Exception $e) {
+ $this->logger->error('Failed to add hash "{dnHash}" ("{name}" of {table})',
+ [
+ 'app' => 'user_ldap',
+ 'name' => $row['owncloud_name'],
+ 'dnHash' => $dnHash,
+ 'table' => $table,
+ 'exception' => $e,
+ ]
+ );
+ }
+ }
+ $r->closeCursor();
+ }
+
+ protected function getSelectQuery(string $table): IQueryBuilder {
+ $q = $this->dbc->getQueryBuilder();
+ $q->select('owncloud_name', 'ldap_dn', 'ldap_dn_hash')
+ ->from($table)
+ ->where($q->expr()->isNull('ldap_dn_hash'));
+ return $q;
+ }
+
+ protected function getUpdateQuery(string $table): IQueryBuilder {
+ $q = $this->dbc->getQueryBuilder();
+ $q->update($table)
+ ->set('ldap_dn_hash', $query->createParameter('dn_hash'))
+ ->where($q->expr()->eq('owncloud_name', $q->createParameter('name')));
+ return $q;
+ }
+}
-- 2.39.5
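Review bot: In `changeSchema`, `if ($table === 'ldap_user_mapping')` compares the table object returned by `$schema->getTable($tableName)` with a string, so the test can never be true: the user mapping table falls into the group branch, gets `ldap_group_dn_hashes` and possibly the `owncloud_name` primary key, and `ldap_dn_users` is never dropped; the condition should be `if ($tableName === 'ldap_user_mapping') {`. `getUpdateQuery()` builds on `$q` but calls `$query->createParameter('dn_hash')` on an undefined variable; it should read `->set('ldap_dn_hash', $q->createParameter('dn_hash'))`. The backfill in `getSelectQuery()` filters on `isNull('ldap_dn_hash')`, yet the column is added with `'notnull' => true` and `'default' => ''`, so existing rows would presumably hold `''` and be skipped, and the unique index on `ldap_dn_hash` is declared before any hash is written; adding the column with `'notnull' => false` and no default would let the NULL filter match, which matters because the `AbstractMapping` lookups in this patch (`getNameByDN`, `getUUIDByDN`) now resolve identities through `ldap_dn_hash` only. If `getColumn()` throws for a missing column, as Doctrine's `Table::getColumn()` does, the `!$column` test is never reached and `if (!$table->hasColumn('ldap_dn_hash')) {` is the check to use. The class header, imports and constructor signature are missing from the visible text of this hunk, so which `Exception` the `catch` refers to could not be checked.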