mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17693 Commits
416 Branches
Tree: e0dd69e4e6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e0dd69e4e6'
${ noResults }
nextcloud/apps/user_ldap/user_ldap.php

user_ldap.php 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410 
  1. <?php

  2. 

  3. /**

  4.  * ownCloud

  5.  *

  6.  * @author Dominik Schmidt

  7.  * @author Artuhr Schiwon

  8.  * @copyright 2011 Dominik Schmidt dev@dominik-schmidt.de

  9.  * @copyright 2012 Arthur Schiwon blizzz@owncloud.com

  10.  *

  11.  * This library is free software; you can redistribute it and/or

  12.  * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE

  13.  * License as published by the Free Software Foundation; either

  14.  * version 3 of the License, or any later version.

  15.  *

  16.  * This library is distributed in the hope that it will be useful,

  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  19.  * GNU AFFERO GENERAL PUBLIC LICENSE for more details.

  20.  *

  21.  * You should have received a copy of the GNU Affero General Public

  22.  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.

  23.  *

  24.  */

  25. 

  26. namespace OCA\user_ldap;

  27. 

  28. use OCA\user_ldap\lib\BackendUtility;

  29. 

  30. class USER_LDAP extends BackendUtility implements \OCP\UserInterface {

  31. 

  32. 	private function updateQuota($dn) {

  33. 		$quota = null;

  34. 		$quotaDefault = $this->access->connection->ldapQuotaDefault;

  35. 		$quotaAttribute = $this->access->connection->ldapQuotaAttribute;

  36. 		if(!empty($quotaDefault)) {

  37. 			$quota = $quotaDefault;

  38. 		}

  39. 		if(!empty($quotaAttribute)) {

  40. 			$aQuota = $this->access->readAttribute($dn, $quotaAttribute);

  41. 

  42. 			if($aQuota && (count($aQuota) > 0)) {

  43. 				$quota = $aQuota[0];

  44. 			}

  45. 		}

  46. 		if(!is_null($quota)) {

  47. 			\OCP\Config::setUserValue(	$this->access->dn2username($dn),

  48. 										'files',

  49. 										'quota',

  50. 										\OCP\Util::computerFileSize($quota));

  51. 		}

  52. 	}

  53. 

  54. 	private function updateEmail($dn) {

  55. 		$email = null;

  56. 		$emailAttribute = $this->access->connection->ldapEmailAttribute;

  57. 		if(!empty($emailAttribute)) {

  58. 			$aEmail = $this->access->readAttribute($dn, $emailAttribute);

  59. 			if($aEmail && (count($aEmail) > 0)) {

  60. 				$email = $aEmail[0];

  61. 			}

  62. 			if(!is_null($email)) {

  63. 				\OCP\Config::setUserValue(	$this->access->dn2username($dn),

  64. 											'settings',

  65. 											'email',

  66. 											$email);

  67. 			}

  68. 		}

  69. 	}

  70. 

  71. 	/**

  72. 	 * @brief reads jpegPhoto and set is as avatar if available

  73. 	 * @param $uid string ownCloud user name

  74. 	 * @param $dn string the user's LDAP DN

  75. 	 * @return void

  76. 	 */

  77. 	private function updateAvatar($uid, $dn) {

  78. 		$hasLoggedIn = \OCP\Config::getUserValue($uid, 'user_ldap',

  79. 												 'firstLoginAccomplished', 0);

  80. 		$lastChecked = \OCP\Config::getUserValue($uid, 'user_ldap',

  81. 												 'lastJpegPhotoLookup', 0);

  82. 		if(($hasLoggedIn !== '1') || (time() - intval($lastChecked)) < 86400 ) {

  83. 			//update only once a day

  84. 			return;

  85. 		}

  86. 

  87. 		$avatarImage = $this->getAvatarImage($uid, $dn);

  88. 		if($avatarImage === false) {

  89. 			//not set, nothing left to do;

  90. 			return;

  91. 		}

  92. 

  93. 		$image = new \OCP\Image();

  94. 		$image->loadFromBase64(base64_encode($avatarImage));

  95. 

  96. 		if(!$image->valid()) {

  97. 			\OCP\Util::writeLog('user_ldap', 'jpegPhoto data invalid for '.$dn,

  98. 								\OCP\Util::ERROR);

  99. 			return;

  100. 		}

  101. 		//make sure it is a square and not bigger than 128x128

  102. 		$size = min(array($image->width(), $image->height(), 128));

  103. 		if(!$image->centerCrop($size)) {

  104. 			\OCP\Util::writeLog('user_ldap',

  105. 								'croping image for avatar failed for '.$dn,

  106. 								\OCP\Util::ERROR);

  107. 			return;

  108. 		}

  109. 

  110. 		if(!\OC\Files\Filesystem::$loaded) {

  111. 			\OC_Util::setupFS($uid);

  112. 		}

  113. 

  114. 		$avatarManager = \OC::$server->getAvatarManager();

  115. 		$avatar = $avatarManager->getAvatar($uid);

  116. 		$avatar->set($image);

  117. 	}

  118. 

  119. 	/**

  120. 	 * @brief checks whether the user is allowed to change his avatar in ownCloud

  121. 	 * @param $uid string the ownCloud user name

  122. 	 * @return boolean either the user can or cannot

  123. 	 */

  124. 	public function canChangeAvatar($uid) {

  125. 		$dn = $this->access->username2dn($uid);

  126. 		if(!$dn) {

  127. 			return false;

  128. 		}

  129. 		if($this->getAvatarImage($uid, $dn) === false) {

  130. 			//The user is allowed to change his avatar in ownCloud only if no

  131. 			//avatar is provided by LDAP

  132. 			return true;

  133. 		}

  134. 		return false;

  135. 	}

  136. 

  137. 	/**

  138. 	 * @brief reads the image from LDAP that shall be used as Avatar

  139. 	 * @param $uid string, the ownCloud user name

  140. 	 * @param $dn string, the user DN

  141. 	 * @return string data (provided by LDAP) | false

  142. 	 */

  143. 	private function getAvatarImage($uid, $dn) {

  144. 		$attributes = array('jpegPhoto', 'thumbnailPhoto');

  145. 		foreach($attributes as $attribute) {

  146. 			$result = $this->access->readAttribute($dn, $attribute);

  147. 			\OCP\Config::setUserValue($uid, 'user_ldap', 'lastJpegPhotoLookup',

  148. 									  time());

  149. 			if($result !== false && is_array($result) && isset($result[0])) {

  150. 				return $result[0];

  151. 			}

  152. 		}

  153. 

  154. 		return false;

  155. 	}

  156. 

  157. 	/**

  158. 	 * @brief Check if the password is correct

  159. 	 * @param string $uid The username

  160. 	 * @param string $password The password

  161. 	 * @return boolean

  162. 	 *

  163. 	 * Check if the password is correct without logging in the user

  164. 	 */

  165. 	public function checkPassword($uid, $password) {

  166. 		$uid = $this->access->escapeFilterPart($uid);

  167. 

  168. 		//find out dn of the user name

  169. 		$filter = \OCP\Util::mb_str_replace(

  170. 			'%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');

  171. 		$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');

  172. 		if(count($ldap_users) < 1) {

  173. 			return false;

  174. 		}

  175. 		$dn = $ldap_users[0];

  176. 

  177. 		//do we have a username for him/her?

  178. 		$ocname = $this->access->dn2username($dn);

  179. 

  180. 		if($ocname) {

  181. 			//update some settings, if necessary

  182. 			$this->updateQuota($dn);

  183. 			$this->updateEmail($dn);

  184. 

  185. 			//are the credentials OK?

  186. 			if(!$this->access->areCredentialsValid($dn, $password)) {

  187. 				return false;

  188. 			}

  189. 

  190. 			\OCP\Config::setUserValue($ocname, 'user_ldap',

  191. 									  'firstLoginAccomplished', 1);

  192. 

  193. 			$this->updateAvatar($ocname, $dn);

  194. 			//give back the display name

  195. 			return $ocname;

  196. 		}

  197. 

  198. 		return false;

  199. 	}

  200. 

  201. 	/**

  202. 	 * @brief Get a list of all users

  203. 	 * @returns array with all uids

  204. 	 *

  205. 	 * Get a list of all users.

  206. 	 */

  207. 	public function getUsers($search = '', $limit = 10, $offset = 0) {

  208. 		$search = $this->access->escapeFilterPart($search);

  209. 		$cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;

  210. 

  211. 		//check if users are cached, if so return

  212. 		$ldap_users = $this->access->connection->getFromCache($cachekey);

  213. 		if(!is_null($ldap_users)) {

  214. 			return $ldap_users;

  215. 		}

  216. 

  217. 		// if we'd pass -1 to LDAP search, we'd end up in a Protocol

  218. 		// error. With a limit of 0, we get 0 results. So we pass null.

  219. 		if($limit <= 0) {

  220. 			$limit = null;

  221. 		}

  222. 		$filter = $this->access->combineFilterWithAnd(array(

  223. 			$this->access->connection->ldapUserFilter,

  224. 			$this->access->getFilterPartForUserSearch($search)

  225. 		));

  226. 

  227. 		\OCP\Util::writeLog('user_ldap',

  228. 			'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,

  229. 			\OCP\Util::DEBUG);

  230. 		//do the search and translate results to owncloud names

  231. 		$ldap_users = $this->access->fetchListOfUsers(

  232. 			$filter,

  233. 			array($this->access->connection->ldapUserDisplayName, 'dn'),

  234. 			$limit, $offset);

  235. 		$ldap_users = $this->access->ownCloudUserNames($ldap_users);

  236. 		\OCP\Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', \OCP\Util::DEBUG);

  237. 

  238. 		$this->access->connection->writeToCache($cachekey, $ldap_users);

  239. 		return $ldap_users;

  240. 	}

  241. 

  242. 	/**

  243. 	 * @brief check if a user exists

  244. 	 * @param string $uid the username

  245. 	 * @return boolean

  246. 	 */

  247. 	public function userExists($uid) {

  248. 		if($this->access->connection->isCached('userExists'.$uid)) {

  249. 			return $this->access->connection->getFromCache('userExists'.$uid);

  250. 		}

  251. 		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.

  252. 		$dn = $this->access->username2dn($uid);

  253. 		if(!$dn) {

  254. 			\OCP\Util::writeLog('user_ldap', 'No DN found for '.$uid.' on '.

  255. 				$this->access->connection->ldapHost, \OCP\Util::DEBUG);

  256. 			$this->access->connection->writeToCache('userExists'.$uid, false);

  257. 			return false;

  258. 		}

  259. 		//check if user really still exists by reading its entry

  260. 		if(!is_array($this->access->readAttribute($dn, ''))) {

  261. 			\OCP\Util::writeLog('user_ldap', 'LDAP says no user '.$dn.' on '.

  262. 				$this->access->connection->ldapHost, \OCP\Util::DEBUG);

  263. 			$this->access->connection->writeToCache('userExists'.$uid, false);

  264. 			return false;

  265. 		}

  266. 

  267. 		$this->access->connection->writeToCache('userExists'.$uid, true);

  268. 		$this->updateQuota($dn);

  269. 		$this->updateAvatar($uid, $dn);

  270. 		return true;

  271. 	}

  272. 

  273. 	/**

  274. 	* @brief delete a user

  275. 	* @param $uid The username of the user to delete

  276. 	* @returns true/false

  277. 	*

  278. 	* Deletes a user

  279. 	*/

  280. 	public function deleteUser($uid) {

  281. 		return false;

  282. 	}

  283. 

  284. 	/**

  285. 	* @brief get the user's home directory

  286. 	* @param string $uid the username

  287. 	* @return boolean

  288. 	*/

  289. 	public function getHome($uid) {

  290. 		// user Exists check required as it is not done in user proxy!

  291. 		if(!$this->userExists($uid)) {

  292. 			return false;

  293. 		}

  294. 

  295. 		$cacheKey = 'getHome'.$uid;

  296. 		if($this->access->connection->isCached($cacheKey)) {

  297. 			return $this->access->connection->getFromCache($cacheKey);

  298. 		}

  299. 		if(strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0) {

  300. 			$attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));

  301. 			$homedir = $this->access->readAttribute(

  302. 						$this->access->username2dn($uid), $attr);

  303. 			if($homedir && isset($homedir[0])) {

  304. 				$path = $homedir[0];

  305. 				//if attribute's value is an absolute path take this, otherwise append it to data dir

  306. 				//check for / at the beginning or pattern c:\ resp. c:/

  307. 				if(

  308. 					'/' === $path[0]

  309. 					|| (3 < strlen($path) && ctype_alpha($path[0])

  310. 						&& $path[1] === ':' && ('\\' === $path[2] || '/' === $path[2]))

  311. 				) {

  312. 					$homedir = $path;

  313. 				} else {

  314. 					$homedir = \OCP\Config::getSystemValue('datadirectory',

  315. 						\OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];

  316. 				}

  317. 				$this->access->connection->writeToCache($cacheKey, $homedir);

  318. 				return $homedir;

  319. 			}

  320. 		}

  321. 

  322. 		//false will apply default behaviour as defined and done by OC_User

  323. 		$this->access->connection->writeToCache($cacheKey, false);

  324. 		return false;

  325. 	}

  326. 

  327. 	/**

  328. 	 * @brief get display name of the user

  329. 	 * @param $uid user ID of the user

  330. 	 * @return display name

  331. 	 */

  332. 	public function getDisplayName($uid) {

  333. 		if(!$this->userExists($uid)) {

  334. 			return false;

  335. 		}

  336. 

  337. 		$cacheKey = 'getDisplayName'.$uid;

  338. 		if(!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {

  339. 			return $displayName;

  340. 		}

  341. 

  342. 		$displayName = $this->access->readAttribute(

  343. 			$this->access->username2dn($uid),

  344. 			$this->access->connection->ldapUserDisplayName);

  345. 

  346. 		if($displayName && (count($displayName) > 0)) {

  347. 			$this->access->connection->writeToCache($cacheKey, $displayName[0]);

  348. 			return $displayName[0];

  349. 		}

  350. 

  351. 		return null;

  352. 	}

  353. 

  354. 	/**

  355. 	 * @brief Get a list of all display names

  356. 	 * @returns array with  all displayNames (value) and the correspondig uids (key)

  357. 	 *

  358. 	 * Get a list of all display names and user ids.

  359. 	 */

  360. 	public function getDisplayNames($search = '', $limit = null, $offset = null) {

  361. 		$cacheKey = 'getDisplayNames-'.$search.'-'.$limit.'-'.$offset;

  362. 		if(!is_null($displayNames = $this->access->connection->getFromCache($cacheKey))) {

  363. 			return $displayNames;

  364. 		}

  365. 

  366. 		$displayNames = array();

  367. 		$users = $this->getUsers($search, $limit, $offset);

  368. 		foreach ($users as $user) {

  369. 			$displayNames[$user] = $this->getDisplayName($user);

  370. 		}

  371. 		$this->access->connection->writeToCache($cacheKey, $displayNames);

  372. 		return $displayNames;

  373. 	}

  374. 

  375. 		/**

  376. 	* @brief Check if backend implements actions

  377. 	* @param $actions bitwise-or'ed actions

  378. 	* @returns boolean

  379. 	*

  380. 	* Returns the supported actions as int to be

  381. 	* compared with OC_USER_BACKEND_CREATE_USER etc.

  382. 	*/

  383. 	public function implementsActions($actions) {

  384. 		return (bool)((OC_USER_BACKEND_CHECK_PASSWORD

  385. 			| OC_USER_BACKEND_GET_HOME

  386. 			| OC_USER_BACKEND_GET_DISPLAYNAME

  387. 			| OC_USER_BACKEND_PROVIDE_AVATAR

  388. 			| OC_USER_BACKEND_COUNT_USERS)

  389. 			& $actions);

  390. 	}

  391. 

  392. 	/**

  393. 	 * @return bool

  394. 	 */

  395. 	public function hasUserListings() {

  396. 		return true;

  397. 	}

  398. 

  399. 	/**

  400. 	 * counts the users in LDAP

  401. 	 *

  402. 	 * @return int | bool

  403. 	 */

  404. 	public function countUsers() {

  405. 		$filter = \OCP\Util::mb_str_replace(

  406. 			'%uid', '*', $this->access->connection->ldapLoginFilter, 'UTF-8');

  407. 		$entries = $this->access->countUsers($filter);

  408. 		return $entries;

  409. 	}

  410. }