From 594221a4670ddf9092b97c544de1cbded42b8454 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Fri, 4 May 2012 13:02:20 +0200
Subject: [PATCH] LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP

---
 apps/user_ldap/lib_ldap.php | 4 ++
 apps/user_ldap/user_ldap.php | 106 +++++++++++++++++++----------------
 2 files changed, 61 insertions(+), 49 deletions(-)

diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 1e7b55786d4..bfe5965d9a3 100755
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -610,6 +610,10 @@ class OC_LDAP {
 }
 }
+ static public function areCredentialsValid($name, $password) {
+ return @ldap_bind(self::getConnectionResource(), $name, $password);
+ }
+
 /**
 * taken from http://www.php.net/manual/en/function.array-search.php#97645
 * TODO: move somewhere, where its better placed since it is not LDAP specific. OC_Helper maybe?
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 0fa621194c8..d9c36da87be 100755
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -41,6 +41,12 @@ class OC_USER_LDAP extends OC_User_Backend {
 protected $ldap_quota_def;
 protected $ldap_email;
+ protected $ldapUserFilter;
+ protected $ldapLoginFilter;
+ protected $ldapQuotaAttribute;
+ protected $ldapQuotaDefault;
+ protected $ldapEmailAttribute;
+
 // will be retrieved from LDAP server
 protected $ldap_dc = false;
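Review bot: `areCredentialsValid()` binds on the shared resource from `self::getConnectionResource()`, so after a successful check that connection stays bound as the end user instead of the configured service account, and every later query over it (the `OC_LDAP::readAttribute` calls reached from checkPassword, for one) runs with that user's directory rights; nothing here re-binds. An empty `$password` also turns `ldap_bind` into an anonymous/unauthenticated bind, which many directories accept, so `if($password === '') { return false; }` belongs before the bind. Either use a dedicated connection for the credential check or re-bind with the service credentials afterwards — the connection setup is not in this hunk, so I cannot name the call. The `@` additionally hides bind failures other than wrong credentials; checking `ldap_errno()` would at least let those be logged.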
@@ -59,6 +65,12 @@ class OC_USER_LDAP extends OC_User_Backend {
 $this->ldap_quota_def = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def','');
 $this->ldap_email_attr = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr','');
+ $this->ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
+ $this->ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
+ $this->ldapQuotaAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
+ $this->ldapQuotaDefault = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
+ $this->ldapEmailAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
+
 if( !empty($this->ldap_host) && !empty($this->ldap_port) && ((!empty($this->ldap_dn) && !empty($this->ldap_password)) || (empty($this->ldap_dn) && empty($this->ldap_password)))
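Review bot: The five new `getAppValue` calls re-read settings the constructor already loads into the snake_case properties just above (`ldap_quota_def`/`ldapQuotaDefault`, `ldap_email_attr`/`ldapEmailAttribute`; `ldap_login_filter` is read by the removed checkPassword code, so it is presumably loaded elsewhere in the constructor, outside this hunk), and the matching duplicate declarations are in the hunk at line 41. Two fields per setting will drift the first time one reader is migrated and the other is not; either drop the snake_case fields together with their last readers, or derive the new ones from them, e.g. `$this->ldapQuotaDefault = $this->ldap_quota_def;`. The constructor starts and ends outside this hunk.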
@@ -77,25 +89,34 @@ class OC_USER_LDAP extends OC_User_Backend {
 ldap_unbind($this->ds);
 }
- private function setQuota( $uid ) {
- if( !$this->ldap_dc )
- return false;
+ private function updateQuota($dn) {
+ $quota = null;
+ if(!empty($this->ldapQuotaDefault)) {
+ $quota = $this->ldapQuotaDefault;
+ }
+ if(!empty($this->ldapQuotaAttribute)) {
+ $aQuota = OC_LDAP::readAttribute($dn, $this->ldapQuotaAttribute);
- if(!empty($this->ldap_quota_attr)) {
- $quota = $this->ldap_dc[strtolower($this->ldap_quota_attr)][0];
- } else {
- $quota = false;
+ if($aQuota && (count($aQuota) > 0)) {
+ $quota = $aQuota[0];
+ }
+ }
+ if(!is_null($quota)) {
+ OCP\Config::setUserValue(OC_LDAP::dn2username($dn), 'files', 'quota', OCP\Util::computerFileSize($quota));
 }
- $quota = $quota != -1 ? $quota : $this->ldap_quota_def;
- OCP\Config::setUserValue($uid, 'files', 'quota', OCP\Util::computerFileSize($quota));
 }
- private function setEmail( $uid ) {
- if( !$this->ldap_dc )
- return false;
-
- $email = $this->ldap_dc[$this->ldap_email_attr][0];
- OCP\Config::setUserValue($uid, 'settings', 'email', $email);
+ private function updateEmail($dn) {
+ $email = null;
+ if(!empty($this->ldapEmailAttribute)) {
+ $aEmail = OC_LDAP::readAttribute($dn, $this->ldapEmailAttribute);
+ if($aEmail && (count($aEmail) > 0)) {
+ $email = $aEmail[0];
+ }
+ if(!is_null($email)){
+ OCP\Config::setUserValue(OC_LDAP::dn2username($dn), 'settings', 'email', $email);
+ }
+ }
 }
 //Connect to LDAP and store the resource
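Review bot: `updateEmail` writes the first value of the mail attribute straight into the user's `settings`/`email` without checking that it is an address, and `updateQuota` passes the raw attribute value to `OCP\Util::computerFileSize`; both values come from the directory, so a malformed or unexpected entry ends up in the account settings. A guard such as `if(!is_null($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false){` before the write keeps bad data out, and the quota write could skip values `computerFileSize` cannot parse (its failure contract is not visible here). Minor: each helper resolves `OC_LDAP::dn2username($dn)` itself; resolving it once in the caller and passing the uid would avoid the repeated lookup, at the cost of changing the two private signatures.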
@@ -142,47 +163,34 @@ class OC_USER_LDAP extends OC_User_Backend {
 return $this->ldap_dc;
 }
- public function checkPassword( $uid, $password ) {
- if(!$this->configured){
+ /**
+ * @brief Check if the password is correct
+ * @param $uid The username
+ * @param $password The password
+ * @returns true/false
+ *
+ * Check if the password is correct without logging in the user
+ */
+ public static function checkPassword( $uid, $password ){
+ //find out dn of the user name
+ $filter = str_replace('%uid', $uid, $this->ldapLoginFilter);
+ $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
+ if(count($ldap_users) < 1) {
 return false;
 }
- $dc = $this->getDc( $uid );
- if( !$dc )
- return false;
+ $dn = $ldap_users[0];
- if (!@ldap_bind( $this->getDs(), $dc['dn'], $password )) {
+ //are the credentials OK?
+ if(!OC_LDAP::areCredentialsValid($dn, $password)) {
 return false;
 }
- if(!empty($this->ldap_quota_attr) || !empty($this->ldap_quota_def)) {
- $this->setQuota($uid);
- }
-
- if(!empty($this->ldap_email_attr)) {
- $this->setEmail($uid);
- }
-
- if($this->ldap_nocase) {
- $filter = str_replace('%uid', $uid, $this->ldap_login_filter);
- $sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
- $entries = ldap_get_entries( $this->getDs(), $sr );
- if( $entries['count'] == 1 ) {
- foreach($entries as $row) {
- $ldap_display_name = strtolower($this->ldap_display_name);
- if(isset($row[$ldap_display_name])) {
- return $row[$ldap_display_name][0];
- }
- }
- }
- else {
- return $uid;
- }
-
- }
- else {
- return $uid;
- }
+ //update some settings, if necessary
+ $this->updateQuota($dn);
+ $this->updateEmail($dn);
+ //give back the display name
+ return OC_LDAP::dn2username($dn);
 }
 /**
-- 
2.39.5
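Review bot: The new `checkPassword` is declared `public static` but its body uses `$this->ldapLoginFilter`, `$this->updateQuota($dn)` and `$this->updateEmail($dn)`, which fails with "Using $this when not in object context" the first time it runs; it has to stay an instance method (`public function checkPassword( $uid, $password ){`). In the same body `$uid` is interpolated into the search filter unescaped, so a login name containing LDAP filter metacharacters changes what the filter matches — RFC 4515 escaping is needed (PHP ≥ 5.6 has `ldap_escape($uid, '', LDAP_ESCAPE_FILTER)`; older runtimes need a small local helper) — and `count($ldap_users) < 1` lets a filter that matches several entries silently authenticate against `$ldap_users[0]`, where `!== 1` should refuse. The docblock's `@returns true/false` no longer matches code that returns `OC_LDAP::dn2username($dn)` or `false`, and the old `if(!$this->configured)` guard was dropped, so an unconfigured backend now reaches the LDAP calls. The rewritten opening of the method:
```php
	// … unchanged: docblock, with @returns corrected to "username on success, false otherwise" …
	public function checkPassword( $uid, $password ){
		//find out dn of the user name; escape RFC 4515 metacharacters in the login name
		$filter = str_replace('%uid', ldap_escape($uid, '', LDAP_ESCAPE_FILTER), $this->ldapLoginFilter);
		$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
		//exactly one entry must match, otherwise the login name is ambiguous
		if(count($ldap_users) !== 1) {
			return false;
		}
		// … unchanged: $dn, areCredentialsValid() check, updateQuota/updateEmail, return dn2username($dn) …
```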