mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72574 Commits
382 Branches
Tree: c0ce272e9c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c0ce272e9c'
${ noResults }
nextcloud/apps/user_ldap/lib/Mapping/AbstractMapping.php

AbstractMapping.php 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Aaron Wood <aaronjwood@gmail.com>

  6.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  7.  * @author blizzz <blizzz@arthur-schiwon.de>

  8.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  9.  * @author Joas Schilling <coding@schilljs.com>

  10.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  11.  *

  12.  * @license AGPL-3.0

  13.  *

  14.  * This code is free software: you can redistribute it and/or modify

  15.  * it under the terms of the GNU Affero General Public License, version 3,

  16.  * as published by the Free Software Foundation.

  17.  *

  18.  * This program is distributed in the hope that it will be useful,

  19.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  20.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  21.  * GNU Affero General Public License for more details.

  22.  *

  23.  * You should have received a copy of the GNU Affero General Public License, version 3,

  24.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  25.  *

  26.  */

  27. namespace OCA\User_LDAP\Mapping;

  28. 

  29. use Doctrine\DBAL\Exception;

  30. use Doctrine\DBAL\Platforms\SqlitePlatform;

  31. use OCP\DB\IPreparedStatement;

  32. use OCP\DB\QueryBuilder\IQueryBuilder;

  33. use Psr\Log\LoggerInterface;

  34. 

  35. /**

  36.  * Class AbstractMapping

  37.  *

  38.  * @package OCA\User_LDAP\Mapping

  39.  */

  40. abstract class AbstractMapping {

  41. 	/**

  42. 	 * @var \OCP\IDBConnection $dbc

  43. 	 */

  44. 	protected $dbc;

  45. 

  46. 	/**

  47. 	 * returns the DB table name which holds the mappings

  48. 	 *

  49. 	 * @return string

  50. 	 */

  51. 	abstract protected function getTableName(bool $includePrefix = true);

  52. 

  53. 	/**

  54. 	 * @param \OCP\IDBConnection $dbc

  55. 	 */

  56. 	public function __construct(\OCP\IDBConnection $dbc) {

  57. 		$this->dbc = $dbc;

  58. 	}

  59. 

  60. 	/** @var array caches Names (value) by DN (key) */

  61. 	protected $cache = [];

  62. 

  63. 	/**

  64. 	 * checks whether a provided string represents an existing table col

  65. 	 *

  66. 	 * @param string $col

  67. 	 * @return bool

  68. 	 */

  69. 	public function isColNameValid($col) {

  70. 		switch ($col) {

  71. 			case 'ldap_dn':

  72. 			case 'ldap_dn_hash':

  73. 			case 'owncloud_name':

  74. 			case 'directory_uuid':

  75. 				return true;

  76. 			default:

  77. 				return false;

  78. 		}

  79. 	}

  80. 

  81. 	/**

  82. 	 * Gets the value of one column based on a provided value of another column

  83. 	 *

  84. 	 * @param string $fetchCol

  85. 	 * @param string $compareCol

  86. 	 * @param string $search

  87. 	 * @return string|false

  88. 	 * @throws \Exception

  89. 	 */

  90. 	protected function getXbyY($fetchCol, $compareCol, $search) {

  91. 		if (!$this->isColNameValid($fetchCol)) {

  92. 			//this is used internally only, but we don't want to risk

  93. 			//having SQL injection at all.

  94. 			throw new \Exception('Invalid Column Name');

  95. 		}

  96. 		$query = $this->dbc->prepare('

  97. 			SELECT `' . $fetchCol . '`

  98. 			FROM `' . $this->getTableName() . '`

  99. 			WHERE `' . $compareCol . '` = ?

  100. 		');

  101. 

  102. 		try {

  103. 			$res = $query->execute([$search]);

  104. 			$data = $res->fetchOne();

  105. 			$res->closeCursor();

  106. 			return $data;

  107. 		} catch (Exception $e) {

  108. 			return false;

  109. 		}

  110. 	}

  111. 

  112. 	/**

  113. 	 * Performs a DELETE or UPDATE query to the database.

  114. 	 *

  115. 	 * @param IPreparedStatement $statement

  116. 	 * @param array $parameters

  117. 	 * @return bool true if at least one row was modified, false otherwise

  118. 	 */

  119. 	protected function modify(IPreparedStatement $statement, $parameters) {

  120. 		try {

  121. 			$result = $statement->execute($parameters);

  122. 			$updated = $result->rowCount() > 0;

  123. 			$result->closeCursor();

  124. 			return $updated;

  125. 		} catch (Exception $e) {

  126. 			return false;

  127. 		}

  128. 	}

  129. 

  130. 	/**

  131. 	 * Gets the LDAP DN based on the provided name.

  132. 	 * Replaces Access::ocname2dn

  133. 	 *

  134. 	 * @param string $name

  135. 	 * @return string|false

  136. 	 */

  137. 	public function getDNByName($name) {

  138. 		$dn = array_search($name, $this->cache);

  139. 		if ($dn === false && ($dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name)) !== false) {

  140. 			$this->cache[$dn] = $name;

  141. 		}

  142. 		return $dn;

  143. 	}

  144. 

  145. 	/**

  146. 	 * Updates the DN based on the given UUID

  147. 	 *

  148. 	 * @param string $fdn

  149. 	 * @param string $uuid

  150. 	 * @return bool

  151. 	 */

  152. 	public function setDNbyUUID($fdn, $uuid) {

  153. 		$oldDn = $this->getDnByUUID($uuid);

  154. 		$statement = $this->dbc->prepare('

  155. 			UPDATE `' . $this->getTableName() . '`

  156. 			SET `ldap_dn_hash` = ?, `ldap_dn` = ?

  157. 			WHERE `directory_uuid` = ?

  158. 		');

  159. 

  160. 		$r = $this->modify($statement, [$this->getDNHash($fdn), $fdn, $uuid]);

  161. 

  162. 		if ($r && is_string($oldDn) && isset($this->cache[$oldDn])) {

  163. 			$this->cache[$fdn] = $this->cache[$oldDn];

  164. 			unset($this->cache[$oldDn]);

  165. 		}

  166. 

  167. 		return $r;

  168. 	}

  169. 

  170. 	/**

  171. 	 * Updates the UUID based on the given DN

  172. 	 *

  173. 	 * required by Migration/UUIDFix

  174. 	 *

  175. 	 * @param $uuid

  176. 	 * @param $fdn

  177. 	 * @return bool

  178. 	 */

  179. 	public function setUUIDbyDN($uuid, $fdn): bool {

  180. 		$statement = $this->dbc->prepare('

  181. 			UPDATE `' . $this->getTableName() . '`

  182. 			SET `directory_uuid` = ?

  183. 			WHERE `ldap_dn_hash` = ?

  184. 		');

  185. 

  186. 		unset($this->cache[$fdn]);

  187. 

  188. 		return $this->modify($statement, [$uuid, $this->getDNHash($fdn)]);

  189. 	}

  190. 

  191. 	/**

  192. 	 * Get the hash to store in database column ldap_dn_hash for a given dn

  193. 	 */

  194. 	protected function getDNHash(string $fdn): string {

  195. 		return hash('sha256', $fdn, false);

  196. 	}

  197. 

  198. 	/**

  199. 	 * Gets the name based on the provided LDAP DN.

  200. 	 *

  201. 	 * @param string $fdn

  202. 	 * @return string|false

  203. 	 */

  204. 	public function getNameByDN($fdn) {

  205. 		if (!isset($this->cache[$fdn])) {

  206. 			$this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn_hash', $this->getDNHash($fdn));

  207. 		}

  208. 		return $this->cache[$fdn];

  209. 	}

  210. 

  211. 	/**

  212. 	 * @param array<string> $hashList

  213. 	 */

  214. 	protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {

  215. 		$qb = $this->dbc->getQueryBuilder();

  216. 		$qb->select('owncloud_name', 'ldap_dn_hash', 'ldap_dn')

  217. 			->from($this->getTableName(false))

  218. 			->where($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($hashList, IQueryBuilder::PARAM_STR_ARRAY)));

  219. 		return $qb;

  220. 	}

  221. 

  222. 	protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {

  223. 		$stmt = $qb->executeQuery();

  224. 		while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {

  225. 			$results[$entry['ldap_dn']] = $entry['owncloud_name'];

  226. 			$this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];

  227. 		}

  228. 		$stmt->closeCursor();

  229. 	}

  230. 

  231. 	/**

  232. 	 * @param array<string> $fdns

  233. 	 * @return array<string,string>

  234. 	 */

  235. 	public function getListOfIdsByDn(array $fdns): array {

  236. 		$totalDBParamLimit = 65000;

  237. 		$sliceSize = 1000;

  238. 		$maxSlices = $this->dbc->getDatabasePlatform() instanceof SqlitePlatform ? 9 : $totalDBParamLimit / $sliceSize;

  239. 		$results = [];

  240. 

  241. 		$slice = 1;

  242. 		$fdns = array_map([$this, 'getDNHash'], $fdns);

  243. 		$fdnsSlice = count($fdns) > $sliceSize ? array_slice($fdns, 0, $sliceSize) : $fdns;

  244. 		$qb = $this->prepareListOfIdsQuery($fdnsSlice);

  245. 

  246. 		while (isset($fdnsSlice[999])) {

  247. 			// Oracle does not allow more than 1000 values in the IN list,

  248. 			// but allows slicing

  249. 			$slice++;

  250. 			$fdnsSlice = array_slice($fdns, $sliceSize * ($slice - 1), $sliceSize);

  251. 

  252. 			/** @see https://github.com/vimeo/psalm/issues/4995 */

  253. 			/** @psalm-suppress TypeDoesNotContainType */

  254. 			if (!isset($qb)) {

  255. 				$qb = $this->prepareListOfIdsQuery($fdnsSlice);

  256. 				continue;

  257. 			}

  258. 

  259. 			if (!empty($fdnsSlice)) {

  260. 				$qb->orWhere($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($fdnsSlice, IQueryBuilder::PARAM_STR_ARRAY)));

  261. 			}

  262. 

  263. 			if ($slice % $maxSlices === 0) {

  264. 				$this->collectResultsFromListOfIdsQuery($qb, $results);

  265. 				unset($qb);

  266. 			}

  267. 		}

  268. 

  269. 		if (isset($qb)) {

  270. 			$this->collectResultsFromListOfIdsQuery($qb, $results);

  271. 		}

  272. 

  273. 		return $results;

  274. 	}

  275. 

  276. 	/**

  277. 	 * Searches mapped names by the giving string in the name column

  278. 	 *

  279. 	 * @return string[]

  280. 	 */

  281. 	public function getNamesBySearch(string $search, string $prefixMatch = "", string $postfixMatch = ""): array {

  282. 		$statement = $this->dbc->prepare('

  283. 			SELECT `owncloud_name`

  284. 			FROM `' . $this->getTableName() . '`

  285. 			WHERE `owncloud_name` LIKE ?

  286. 		');

  287. 

  288. 		try {

  289. 			$res = $statement->execute([$prefixMatch . $this->dbc->escapeLikeParameter($search) . $postfixMatch]);

  290. 		} catch (Exception $e) {

  291. 			return [];

  292. 		}

  293. 		$names = [];

  294. 		while ($row = $res->fetch()) {

  295. 			$names[] = $row['owncloud_name'];

  296. 		}

  297. 		return $names;

  298. 	}

  299. 

  300. 	/**

  301. 	 * Gets the name based on the provided LDAP UUID.

  302. 	 *

  303. 	 * @param string $uuid

  304. 	 * @return string|false

  305. 	 */

  306. 	public function getNameByUUID($uuid) {

  307. 		return $this->getXbyY('owncloud_name', 'directory_uuid', $uuid);

  308. 	}

  309. 

  310. 	public function getDnByUUID($uuid) {

  311. 		return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);

  312. 	}

  313. 

  314. 	/**

  315. 	 * Gets the UUID based on the provided LDAP DN

  316. 	 *

  317. 	 * @param string $dn

  318. 	 * @return false|string

  319. 	 * @throws \Exception

  320. 	 */

  321. 	public function getUUIDByDN($dn) {

  322. 		return $this->getXbyY('directory_uuid', 'ldap_dn_hash', $this->getDNHash($dn));

  323. 	}

  324. 

  325. 	public function getList(int $offset = 0, int $limit = null, bool $invalidatedOnly = false): array {

  326. 		$select = $this->dbc->getQueryBuilder();

  327. 		$select->selectAlias('ldap_dn', 'dn')

  328. 			->selectAlias('owncloud_name', 'name')

  329. 			->selectAlias('directory_uuid', 'uuid')

  330. 			->from($this->getTableName())

  331. 			->setMaxResults($limit)

  332. 			->setFirstResult($offset);

  333. 

  334. 		if ($invalidatedOnly) {

  335. 			$select->where($select->expr()->like('directory_uuid', $select->createNamedParameter('invalidated_%')));

  336. 		}

  337. 

  338. 		$result = $select->executeQuery();

  339. 		$entries = $result->fetchAll();

  340. 		$result->closeCursor();

  341. 

  342. 		return $entries;

  343. 	}

  344. 

  345. 	/**

  346. 	 * attempts to map the given entry

  347. 	 *

  348. 	 * @param string $fdn fully distinguished name (from LDAP)

  349. 	 * @param string $name

  350. 	 * @param string $uuid a unique identifier as used in LDAP

  351. 	 * @return bool

  352. 	 */

  353. 	public function map($fdn, $name, $uuid) {

  354. 		if (mb_strlen($fdn) > 4000) {

  355. 			\OCP\Server::get(LoggerInterface::class)->error(

  356. 				'Cannot map, because the DN exceeds 4000 characters: {dn}',

  357. 				[

  358. 					'app' => 'user_ldap',

  359. 					'dn' => $fdn,

  360. 				]

  361. 			);

  362. 			return false;

  363. 		}

  364. 

  365. 		$row = [

  366. 			'ldap_dn_hash' => $this->getDNHash($fdn),

  367. 			'ldap_dn' => $fdn,

  368. 			'owncloud_name' => $name,

  369. 			'directory_uuid' => $uuid

  370. 		];

  371. 

  372. 		try {

  373. 			$result = $this->dbc->insertIfNotExist($this->getTableName(), $row);

  374. 			if ((bool)$result === true) {

  375. 				$this->cache[$fdn] = $name;

  376. 			}

  377. 			// insertIfNotExist returns values as int

  378. 			return (bool)$result;

  379. 		} catch (\Exception $e) {

  380. 			return false;

  381. 		}

  382. 	}

  383. 

  384. 	/**

  385. 	 * removes a mapping based on the owncloud_name of the entry

  386. 	 *

  387. 	 * @param string $name

  388. 	 * @return bool

  389. 	 */

  390. 	public function unmap($name) {

  391. 		$statement = $this->dbc->prepare('

  392. 			DELETE FROM `' . $this->getTableName() . '`

  393. 			WHERE `owncloud_name` = ?');

  394. 

  395. 		$dn = array_search($name, $this->cache);

  396. 		if ($dn !== false) {

  397. 			unset($this->cache[$dn]);

  398. 		}

  399. 

  400. 		return $this->modify($statement, [$name]);

  401. 	}

  402. 

  403. 	/**

  404. 	 * Truncates the mapping table

  405. 	 *

  406. 	 * @return bool

  407. 	 */

  408. 	public function clear() {

  409. 		$sql = $this->dbc

  410. 			->getDatabasePlatform()

  411. 			->getTruncateTableSQL('`' . $this->getTableName() . '`');

  412. 		try {

  413. 			$this->dbc->executeQuery($sql);

  414. 

  415. 			return true;

  416. 		} catch (Exception $e) {

  417. 			return false;

  418. 		}

  419. 	}

  420. 

  421. 	/**

  422. 	 * clears the mapping table one by one and executing a callback with

  423. 	 * each row's id (=owncloud_name col)

  424. 	 *

  425. 	 * @param callable $preCallback

  426. 	 * @param callable $postCallback

  427. 	 * @return bool true on success, false when at least one row was not

  428. 	 * deleted

  429. 	 */

  430. 	public function clearCb(callable $preCallback, callable $postCallback): bool {

  431. 		$picker = $this->dbc->getQueryBuilder();

  432. 		$picker->select('owncloud_name')

  433. 			->from($this->getTableName());

  434. 		$cursor = $picker->executeQuery();

  435. 		$result = true;

  436. 		while (($id = $cursor->fetchOne()) !== false) {

  437. 			$preCallback($id);

  438. 			if ($isUnmapped = $this->unmap($id)) {

  439. 				$postCallback($id);

  440. 			}

  441. 			$result = $result && $isUnmapped;

  442. 		}

  443. 		$cursor->closeCursor();

  444. 		return $result;

  445. 	}

  446. 

  447. 	/**

  448. 	 * returns the number of entries in the mappings table

  449. 	 *

  450. 	 * @return int

  451. 	 */

  452. 	public function count(): int {

  453. 		$query = $this->dbc->getQueryBuilder();

  454. 		$query->select($query->func()->count('ldap_dn_hash'))

  455. 			->from($this->getTableName());

  456. 		$res = $query->execute();

  457. 		$count = $res->fetchOne();

  458. 		$res->closeCursor();

  459. 		return (int)$count;

  460. 	}

  461. 

  462. 	public function countInvalidated(): int {

  463. 		$query = $this->dbc->getQueryBuilder();

  464. 		$query->select($query->func()->count('ldap_dn_hash'))

  465. 			->from($this->getTableName())

  466. 			->where($query->expr()->like('directory_uuid', $query->createNamedParameter('invalidated_%')));

  467. 		$res = $query->execute();

  468. 		$count = $res->fetchOne();

  469. 		$res->closeCursor();

  470. 		return (int)$count;

  471. 	}

  472. }