authorThomas Müller <thomas.mueller@tmit.eu>2015-05-26 16:06:21 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2015-05-26 16:06:21 +0200
commit55a122a9fecabc928162cab1346c22e3e7c86f70 (patch)
tree7fc2058490be7af55165e527d6387fe903038fc7
parent5014d2c60c86cad53edfb220d704441d8bd9d05a (diff)
parentae850d76ea9bebf77f55ce54fc5015db725dec4f (diff)
Merge pull request #13742 from owncloud/fix-12190-2-stable7
[backport #13740] backport #13740 to stable7
-rw-r--r--apps/user_ldap/group_ldap.php98
-rw-r--r--apps/user_ldap/lib/access.php2
-rw-r--r--apps/user_ldap/lib/connection.php3
-rw-r--r--apps/user_ldap/lib/wizard.php14
-rw-r--r--apps/user_ldap/tests/group_ldap.php77
5 files changed, 164 insertions, 30 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index cba19f3791c..0d39b74bbe8 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -249,32 +249,76 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
}
/**
- * returns a list of users that have the given group as primary group
+ * returns a filter for a "users in primary group" search or count operation
*
* @param string $groupDN
- * @param $limit
- * @param int $offset
- * @return string[]
+ * @param string $search
+ * @return string
+ * @throws \Exception
*/
- public function getUsersInPrimaryGroup($groupDN, $limit = -1, $offset = 0) {
+ private function prepareFilterForUsersInPrimaryGroup($groupDN, $search = '') {
$groupID = $this->getGroupPrimaryGroupID($groupDN);
if($groupID === false) {
- return array();
+ throw new \Exception('Not a valid group');
}
- $filter = $this->access->combineFilterWithAnd(array(
- $this->access->connection->ldapUserFilter,
- 'primaryGroupID=' . $groupID
- ));
+ $filterParts = [];
+ // part for counting users (see countUsers in user backend)
+ // it is consolidated in OC 8. No big changes for OC 7.
+ $filterParts[] = \OCP\Util::mb_str_replace(
+ '%uid', '*', $this->access->connection->ldapLoginFilter, 'UTF-8');
+ if(!empty($search)) {
+ $search = $this->access->escapeFilterPart($search, true);
+ $filterParts[] = $this->access->getFilterPartForUserSearch($search);
+ }
+ $filterParts[] = 'primaryGroupID=' . $groupID;
- $users = $this->access->fetchListOfUsers(
- $filter,
- array($this->access->connection->ldapUserDisplayName, 'dn'),
- $limit,
- $offset
- );
+ $filter = $this->access->combineFilterWithAnd($filterParts);
+
+ return $filter;
+ }
+
+ /**
+ * returns a list of users that have the given group as primary group
+ *
+ * @param string $groupDN
+ * @param string $search
+ * @param int $limit
+ * @param int $offset
+ * @return string[]
+ */
+ public function getUsersInPrimaryGroup($groupDN, $search = '', $limit = -1, $offset = 0) {
+ try {
+ $filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
+ $users = $this->access->fetchListOfUsers(
+ $filter,
+ array($this->access->connection->ldapUserDisplayName, 'dn'),
+ $limit,
+ $offset
+ );
+ return $this->access->ownCloudUserNames($users);
+ } catch (\Exception $e) {
+ return array();
+ }
+ }
- return $users;
+ /**
+ * returns the number of users that have the given group as primary group
+ *
+ * @param string $groupDN
+ * @param string $search
+ * @param int $limit
+ * @param int $offset
+ * @return int
+ */
+ public function countUsersInPrimaryGroup($groupDN, $search = '', $limit = -1, $offset = 0) {
+ try {
+ $filter = $this->prepareFilterForUsersInPrimaryGroup($groupDN, $search);
+ $users = $this->access->countUsers($filter, array('dn'), $limit, $offset);
+ return (int)$users;
+ } catch (\Exception $e) {
+ return 0;
+ }
}
/**
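Review bot: The `catch (\Exception $e)` in getUsersInPrimaryGroup and countUsersInPrimaryGroup wraps the directory query as well as the filter preparation, so any exception raised by `fetchListOfUsers` or `countUsers` is reported as an empty group or a count of 0 rather than as a failure. The callers in this file write those results to the cache, so a transient lookup error could presumably be stored as group membership, which matters wherever membership drives sharing or access decisions. Narrow the try to the `prepareFilterForUsersInPrimaryGroup` call, or throw a dedicated exception type for 'Not a valid group' and catch only that.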
@@ -405,6 +449,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
if(!$this->groupExists($gid)) {
return array();
}
+ $search = $this->access->escapeFilterPart($search, true);
$cacheKey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
// check for cache of the exact query
$groupUsers = $this->access->connection->getFromCache($cacheKey);
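Review bot: `$search` is escaped here and then escaped a second time: the escaped value is later passed to `getUsersInPrimaryGroup`, and `prepareFilterForUsersInPrimaryGroup` calls `escapeFilterPart($search, true)` again before building the filter. The body of `escapeFilterPart` is not visible in this diff, but if it escapes its own escape character, a search term containing a filter metacharacter will no longer match primary-group users. countUsersInGroup has the same sequence, escaping `$search` before calling `countUsersInPrimaryGroup($groupDN, $search)`. Escape once, either in the callers or in the helper, and state on the helper's `@param string $search` whether it expects raw or already-escaped input. The enclosing function starts and ends outside this hunk.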
@@ -430,8 +475,9 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
return array();
}
+ $primaryUsers = $this->getUsersInPrimaryGroup($groupDN, $search, $limit, $offset);
$members = array_keys($this->_groupMembers($groupDN));
- if(!$members) {
+ if(!$members && empty($primaryUsers)) {
//in case users could not be retrieved, return empty result set
$this->access->connection->writeToCache($cacheKey, array());
return array();
@@ -468,13 +514,11 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
}
}
+ $groupUsers = array_unique(array_merge($groupUsers, $primaryUsers));
natsort($groupUsers);
$this->access->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
$groupUsers = array_slice($groupUsers, $offset, $limit);
- //and get users that have the group as primary
- $primaryUsers = $this->getUsersInPrimaryGroup($groupDN, $limit, $offset);
- $groupUsers = array_unique(array_merge($groupUsers, $primaryUsers));
$this->access->connection->writeToCache($cacheKey, $groupUsers);
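Review bot: Paging is applied twice to the primary-group users: the previous hunk fetches them with `getUsersInPrimaryGroup($groupDN, $search, $limit, $offset)`, and after the merge added here they are cut again by `array_slice($groupUsers, $offset, $limit)`. With a non-zero offset this skips primary-group users, and the list written under the `'usersInGroup-'.$gid.'-'.$search` key, which carries no limit or offset, then holds only one page of them. Fetch them unpaged with `$primaryUsers = $this->getUsersInPrimaryGroup($groupDN, $search);` and let the existing slice do the paging. The function body extends beyond both hunks.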
@@ -505,17 +549,19 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
}
$members = array_keys($this->_groupMembers($groupDN));
- if(!$members) {
+ $primaryUserCount = $this->countUsersInPrimaryGroup($groupDN, '');
+ if(!$members && $primaryUserCount === 0) {
//in case users could not be retrieved, return empty result set
$this->access->connection->writeToCache($cacheKey, false);
return false;
}
if(empty($search)) {
- $groupUsers = count($members);
+ $groupUsers = count($members) + $primaryUserCount;
$this->access->connection->writeToCache($cacheKey, $groupUsers);
return $groupUsers;
}
+ $search = $this->access->escapeFilterPart($search, true);
$isMemberUid =
(strtolower($this->access->connection->ldapGroupMemberAssocAttr)
=== 'memberuid');
@@ -557,10 +603,9 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
}
//and get users that have the group as primary
- $primaryUsers = $this->getUsersInPrimaryGroup($groupDN);
- $groupUsers = array_unique(array_merge($groupUsers, $primaryUsers));
+ $primaryUsers = $this->countUsersInPrimaryGroup($groupDN, $search);
- return count($groupUsers);
+ return count($groupUsers) + $primaryUsers;
}
/**
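Review bot: `count($groupUsers) + $primaryUsers` drops the `array_unique(array_merge(...))` step the old code used, so a user who is both listed as a member and has the group as primary group would be counted twice; the same holds for `count($members) + $primaryUserCount` in the preceding hunk. If the directory guarantees that primary-group users never appear in the member attribute, say so in a comment, for example `// primary-group users are not listed in the member attribute, so the two counts do not overlap`. The variable now holds an integer, so naming it `$primaryUserCount` would match the earlier use in this function, and the comment above it should say "count" rather than "get". The function starts outside this hunk.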
@@ -623,6 +668,7 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
if(!$this->enabled) {
return array();
}
+ $search = $this->access->escapeFilterPart($search, true);
$pagingSize = $this->access->connection->ldapPagingSize;
if ((! $this->access->connection->hasPagedResultSupport)
|| empty($pagingSize)) {
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index a38f6be00e0..9ed8a0e7b69 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -1069,7 +1069,7 @@ class Access extends LDAPUtility implements user\IUserTools {
/**
* escapes (user provided) parts for LDAP filter
* @param string $input, the provided value
- * @param bool $allowAsterisk wether in * at the beginning should be preserved
+ * @param bool $allowAsterisk whether in * at the beginning should be preserved
* @return string the escaped string
*/
public function escapeFilterPart($input, $allowAsterisk = false) {
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index d017fe8029c..f484423cb85 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -32,7 +32,10 @@ use OC\ServerNotAvailableException;
* @property string ldapUserFilter
* @property string ldapUserDisplayName
* @property boolean hasPagedResultSupport
+ * @property string[] ldapBaseUsers
* @property int|string ldapPagingSize holds an integer
+ * @property string ldapLoginFilter
+ * @property string ldapGroupMemberAssocAttr
*/
class Connection extends LDAPUtility {
private $ldapConnectionRes = null;
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 0480e5b6b64..a2b86843ea5 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -804,13 +804,23 @@ class Wizard extends LDAPUtility {
}
$base = $this->configuration->ldapBase[0];
foreach($cns as $cn) {
- $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn'));
+ $rr = $this->ldap->search($cr, $base, 'cn=' . $cn, array('dn', 'primaryGroupToken'));
if(!$this->ldap->isResource($rr)) {
continue;
}
$er = $this->ldap->firstEntry($cr, $rr);
+ $attrs = $this->ldap->getAttributes($cr, $er);
$dn = $this->ldap->getDN($cr, $er);
- $filter .= '(memberof=' . $dn . ')';
+ if(empty($dn)) {
+ continue;
+ }
+ $filterPart = '(memberof=' . $dn . ')';
+ if(isset($attrs['primaryGroupToken'])) {
+ $pgt = $attrs['primaryGroupToken'][0];
+ $primaryFilterPart = '(primaryGroupID=' . $pgt .')';
+ $filterPart = '(|' . $filterPart . $primaryFilterPart . ')';
+ }
+ $filter .= $filterPart;
}
$filter .= ')';
}
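Review bot: The values concatenated into the search filter are not filter-escaped: `'cn=' . $cn`, `'(memberof=' . $dn . ')'` and `'(primaryGroupID=' . $pgt .')'` take the strings as they come from configuration and from the directory. A group name or DN containing `(`, `)`, `*` or `\` would yield a malformed or differently scoped filter, and this filter presumably ends up deciding which accounts are accepted. Pass each value through a filter-escaping helper first, such as the `escapeFilterPart` this commit uses in group_ldap.php, if it is reachable from Wizard. Separately, `getAttributes($cr, $er)` runs before anything checks that `firstEntry` returned an entry; the `empty($dn)` guard comes one step too late for that call. The loop sits in a function whose start and end are outside the hunk.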
diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php
index 8066bce02e3..b18ebb50efa 100644
--- a/apps/user_ldap/tests/group_ldap.php
+++ b/apps/user_ldap/tests/group_ldap.php
@@ -77,10 +77,15 @@ class Test_Group_Ldap extends \PHPUnit_Framework_TestCase {
->method('readAttribute')
->will($this->returnValue(array('u11', 'u22', 'u33', 'u34')));
+ // for primary groups
+ $access->expects($this->once())
+ ->method('countUsers')
+ ->will($this->returnValue(2));
+
$groupBackend = new GroupLDAP($access);
$users = $groupBackend->countUsersInGroup('group');
- $this->assertSame(4, $users);
+ $this->assertSame(6, $users);
}
public function testCountWithSearchString() {
@@ -308,4 +313,74 @@ class Test_Group_Ldap extends \PHPUnit_Framework_TestCase {
$this->assertSame(2, count($groups));
}
+ /**
+ * tests that a user listing is complete, if all it's members have the group
+ * as their primary.
+ */
+ public function testUsersInGroupPrimaryMembersOnly() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $access->connection->expects($this->any())
+ ->method('getFromCache')
+ ->will($this->returnValue(null));
+
+ $access->expects($this->any())
+ ->method('readAttribute')
+ ->will($this->returnCallback(function($dn, $attr) {
+ if($attr === 'primaryGroupToken') {
+ return array(1337);
+ }
+ return array();
+ }));
+
+ $access->expects($this->any())
+ ->method('groupname2dn')
+ ->will($this->returnValue('cn=foobar,dc=foo,dc=bar'));
+
+ $access->expects($this->once())
+ ->method('ownCloudUserNames')
+ ->will($this->returnValue(array('lisa', 'bart', 'kira', 'brad')));
+
+ $groupBackend = new GroupLDAP($access);
+ $users = $groupBackend->usersInGroup('foobar');
+
+ $this->assertSame(4, count($users));
+ }
+
+ /**
+ * tests that a user counting is complete, if all it's members have the group
+ * as their primary.
+ */
+ public function testCountUsersInGroupPrimaryMembersOnly() {
+ $access = $this->getAccessMock();
+ $this->enableGroups($access);
+
+ $access->connection->expects($this->any())
+ ->method('getFromCache')
+ ->will($this->returnValue(null));
+
+ $access->expects($this->any())
+ ->method('readAttribute')
+ ->will($this->returnCallback(function($dn, $attr) {
+ if($attr === 'primaryGroupToken') {
+ return array(1337);
+ }
+ return array();
+ }));
+
+ $access->expects($this->any())
+ ->method('groupname2dn')
+ ->will($this->returnValue('cn=foobar,dc=foo,dc=bar'));
+
+ $access->expects($this->once())
+ ->method('countUsers')
+ ->will($this->returnValue(4));
+
+ $groupBackend = new GroupLDAP($access);
+ $users = $groupBackend->countUsersInGroup('foobar');
+
+ $this->assertSame(4, $users);
+ }
+
}
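Review bot: Neither new test passes a search term, so the `!empty($search)` branch of `prepareFilterForUsersInPrimaryGroup` is never run. Add a case that calls `usersInGroup('foobar', 'li')` and expects the escaping helper to be invoked exactly once, `$access->expects($this->once())->method('escapeFilterPart')`, provided `getAccessMock()` mocks that method; this pins how often a term is escaped before it reaches the filter. The doc comments above both new tests should read "its members" rather than "it's members".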