diff options
| author | Côme Chilliet <91878298+come-nc@users.noreply.github.com> | 2022-11-21 16:05:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-21 16:05:17 +0100 |
| commit | 341dda1de618ee76a1e617cc4c15267c120d32c3 (patch) | |
| tree | 9ff01d59d117e56d764df68b3b4360e4b7cfd7c2 /apps/user_ldap/lib | |
| parent | 5e74b1e9ad3cc1f79f5eda38194a49a26a4f6d85 (diff) | |
| parent | c2cb790532f2a7ea5a9ad39167d95b69c9ed6c10 (diff) | |
| download | nextcloud-server-341dda1de618ee76a1e617cc4c15267c120d32c3.tar.gz nextcloud-server-341dda1de618ee76a1e617cc4c15267c120d32c3.zip | |
Merge branch 'master' into fix/clean-ldap-access-factory-usage
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Diffstat (limited to 'apps/user_ldap/lib')
| -rw-r--r-- | apps/user_ldap/lib/AppInfo/Application.php | 27 | ||||
| -rw-r--r-- | apps/user_ldap/lib/DataCollector/LdapDataCollector.php | 3 | ||||
| -rw-r--r-- | apps/user_ldap/lib/ILDAPWrapper.php | 9 | ||||
| -rw-r--r-- | apps/user_ldap/lib/LDAP.php | 3 | ||||
| -rw-r--r-- | apps/user_ldap/lib/User_LDAP.php | 7 | ||||
| -rw-r--r-- | apps/user_ldap/lib/User_Proxy.php | 20 | ||||
| -rw-r--r-- | apps/user_ldap/lib/Wizard.php | 198 |
7 files changed, 156 insertions, 111 deletions
diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php index 79998a580e5..757ac141d3d 100644 --- a/apps/user_ldap/lib/AppInfo/Application.php +++ b/apps/user_ldap/lib/AppInfo/Application.php @@ -31,6 +31,7 @@ use OCA\Files_External\Service\BackendService; use OCA\User_LDAP\Controller\RenewPasswordController; use OCA\User_LDAP\Events\GroupBackendRegistered; use OCA\User_LDAP\Events\UserBackendRegistered; +use OCA\User_LDAP\FilesystemHelper; use OCA\User_LDAP\Group_Proxy; use OCA\User_LDAP\GroupPluginManager; use OCA\User_LDAP\Handler\ExtStorageConfigHandler; @@ -38,6 +39,7 @@ use OCA\User_LDAP\Helper; use OCA\User_LDAP\ILDAPWrapper; use OCA\User_LDAP\LDAP; use OCA\User_LDAP\Notification\Notifier; +use OCA\User_LDAP\User\Manager; use OCA\User_LDAP\User_Proxy; use OCA\User_LDAP\UserPluginManager; use OCP\AppFramework\App; @@ -46,10 +48,17 @@ use OCP\AppFramework\Bootstrap\IBootstrap; use OCP\AppFramework\Bootstrap\IRegistrationContext; use OCP\AppFramework\IAppContainer; use OCP\EventDispatcher\IEventDispatcher; +use OCP\IAvatarManager; +use OCP\IConfig; use OCP\IGroupManager; use OCP\IL10N; +use OCP\Image; use OCP\IServerContainer; +use OCP\IUserManager; use OCP\Notification\IManager as INotificationManager; +use OCP\Share\IManager as IShareManager; +use Psr\Container\ContainerInterface; +use Psr\Log\LoggerInterface; use Symfony\Component\EventDispatcher\EventDispatcherInterface; class Application extends App implements IBootstrap { @@ -87,6 +96,24 @@ class Application extends App implements IBootstrap { public function register(IRegistrationContext $context): void { $context->registerNotifierService(Notifier::class); + + $context->registerService( + Manager::class, + function (ContainerInterface $c) { + return new Manager( + $c->get(IConfig::class), + $c->get(FilesystemHelper::class), + $c->get(LoggerInterface::class), + $c->get(IAvatarManager::class), + $c->get(Image::class), + $c->get(IUserManager::class), + $c->get(INotificationManager::class), + $c->get(IShareManager::class), + ); + }, + // the instance is specific to a lazy bound Access instance, thus cannot be shared. + false + ); } public function boot(IBootContext $context): void { diff --git a/apps/user_ldap/lib/DataCollector/LdapDataCollector.php b/apps/user_ldap/lib/DataCollector/LdapDataCollector.php index cb61de96e37..833b314b199 100644 --- a/apps/user_ldap/lib/DataCollector/LdapDataCollector.php +++ b/apps/user_ldap/lib/DataCollector/LdapDataCollector.php @@ -28,12 +28,13 @@ use OCP\AppFramework\Http\Response; use OCP\DataCollector\AbstractDataCollector; class LdapDataCollector extends AbstractDataCollector { - public function startLdapRequest(string $query, array $args): void { + public function startLdapRequest(string $query, array $args, array $backtrace): void { $this->data[] = [ 'start' => microtime(true), 'query' => $query, 'args' => $args, 'end' => microtime(true), + 'backtrace' => $backtrace, ]; } diff --git a/apps/user_ldap/lib/ILDAPWrapper.php b/apps/user_ldap/lib/ILDAPWrapper.php index b5c5568348e..6ec88effa5f 100644 --- a/apps/user_ldap/lib/ILDAPWrapper.php +++ b/apps/user_ldap/lib/ILDAPWrapper.php @@ -30,7 +30,6 @@ namespace OCA\User_LDAP; interface ILDAPWrapper { - //LDAP functions in use /** @@ -48,7 +47,7 @@ interface ILDAPWrapper { * connect to an LDAP server * @param string $host The host to connect to * @param string $port The port to connect to - * @return mixed a link resource on success, otherwise false + * @return resource|\LDAP\Connection|false a link resource on success, otherwise false */ public function connect($host, $port); @@ -106,7 +105,7 @@ interface ILDAPWrapper { * Get attributes from a search result entry * @param resource|\LDAP\Connection $link LDAP link resource * @param resource|\LDAP\ResultEntry $result LDAP result resource - * @return array containing the results, false on error + * @return array|false containing the results, false on error * */ public function getAttributes($link, $result); @@ -114,7 +113,7 @@ interface ILDAPWrapper { * Get the DN of a result entry * @param resource|\LDAP\Connection $link LDAP link resource * @param resource|\LDAP\ResultEntry $result LDAP result resource - * @return string containing the DN, false on error + * @return string|false containing the DN, false on error */ public function getDN($link, $result); @@ -122,7 +121,7 @@ interface ILDAPWrapper { * Get all result entries * @param resource|\LDAP\Connection $link LDAP link resource * @param resource|\LDAP\Result $result LDAP result resource - * @return array containing the results, false on error + * @return array|false containing the results, false on error */ public function getEntries($link, $result); diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php index c03337a9e51..6a54f89880d 100644 --- a/apps/user_ldap/lib/LDAP.php +++ b/apps/user_ldap/lib/LDAP.php @@ -330,7 +330,8 @@ class LDAP implements ILDAPWrapper { return $item; }, $this->curArgs); - $this->dataCollector->startLdapRequest($functionName, $args); + $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); + $this->dataCollector->startLdapRequest($functionName, $args, $backtrace); } if ($this->logFile !== '' && is_writable(dirname($this->logFile)) && (!file_exists($this->logFile) || is_writable($this->logFile))) { diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php index 036ddaa9af4..f855dcb1fd6 100644 --- a/apps/user_ldap/lib/User_LDAP.php +++ b/apps/user_ldap/lib/User_LDAP.php @@ -48,11 +48,12 @@ use OCP\IConfig; use OCP\IUserBackend; use OCP\IUserSession; use OCP\Notification\IManager as INotificationManager; +use OCP\User\Backend\ICountMappedUsersBackend; use OCP\User\Backend\ICountUsersBackend; use OCP\UserInterface; use Psr\Log\LoggerInterface; -class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend { +class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend { /** @var \OCP\IConfig */ protected $ocConfig; @@ -598,6 +599,10 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I return $entries; } + public function countMappedUsers(): int { + return $this->access->getUserMapper()->count(); + } + /** * Backend name to be shown in user management * @return string the name of the backend to be shown diff --git a/apps/user_ldap/lib/User_Proxy.php b/apps/user_ldap/lib/User_Proxy.php index 8b194f250b4..b07c632eeeb 100644 --- a/apps/user_ldap/lib/User_Proxy.php +++ b/apps/user_ldap/lib/User_Proxy.php @@ -33,12 +33,15 @@ namespace OCA\User_LDAP; use OCA\User_LDAP\User\User; use OCP\IConfig; +use OCP\IUserBackend; use OCP\IUserSession; use OCP\Notification\IManager as INotificationManager; +use OCP\User\Backend\ICountMappedUsersBackend; use OCP\User\Backend\ICountUsersBackend; +use OCP\UserInterface; -class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP, ICountUsersBackend { - /** @var array<string,User_LDAP> */ +class User_Proxy extends Proxy implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend { + /** @var array<string,User_LDAP> */ private $backends = []; /** @var ?User_LDAP */ private $refBackend = null; @@ -392,6 +395,19 @@ class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface, } /** + * Count the number of mapped users + */ + public function countMappedUsers(): int { + $this->setup(); + + $users = 0; + foreach ($this->backends as $backend) { + $users += $backend->countMappedUsers(); + } + return $users; + } + + /** * Return access for LDAP interaction. * * @param string $uid diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php index 19de55c091d..2ecdce610a7 100644 --- a/apps/user_ldap/lib/Wizard.php +++ b/apps/user_ldap/lib/Wizard.php @@ -19,6 +19,7 @@ * @author Tobias Perschon <tobias@perschon.at> * @author Victor Dubiniuk <dubiniuk@owncloud.com> * @author Xuanwo <xuanwo@yunify.com> + * @author Côme Chilliet <come.chilliet@nextcloud.com> * * @license AGPL-3.0 * @@ -35,22 +36,22 @@ * along with this program. If not, see <http://www.gnu.org/licenses/> * */ + namespace OCA\User_LDAP; use OC\ServerNotAvailableException; +use OCP\IL10N; +use OCP\L10N\IFactory as IL10NFactory; use Psr\Log\LoggerInterface; class Wizard extends LDAPUtility { - /** @var \OCP\IL10N */ - protected static $l; - protected $access; + protected static ?IL10N $l = null; + protected Access $access; + /** @var resource|\LDAP\Connection|null */ protected $cr; - protected $configuration; - protected $result; - protected $resultCache = []; - - /** @var LoggerInterface */ - protected $logger; + protected Configuration $configuration; + protected WizardResult $result; + protected LoggerInterface $logger; public const LRESULT_PROCESSED_OK = 2; public const LRESULT_PROCESSED_INVALID = 3; @@ -65,17 +66,15 @@ class Wizard extends LDAPUtility { public const LDAP_NW_TIMEOUT = 4; - /** - * Constructor - * @param Configuration $configuration an instance of Configuration - * @param ILDAPWrapper $ldap an instance of ILDAPWrapper - * @param Access $access - */ - public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) { + public function __construct( + Configuration $configuration, + ILDAPWrapper $ldap, + Access $access + ) { parent::__construct($ldap); $this->configuration = $configuration; - if (is_null(Wizard::$l)) { - Wizard::$l = \OC::$server->getL10N('user_ldap'); + if (is_null(static::$l)) { + static::$l = \OC::$server->get(IL10NFactory::class)->get('user_ldap'); } $this->access = $access; $this->result = new WizardResult(); @@ -93,7 +92,6 @@ class Wizard extends LDAPUtility { * * @param string $filter the LDAP search filter * @param string $type a string being either 'users' or 'groups'; - * @return int * @throws \Exception */ public function countEntries(string $filter, string $type): int { @@ -120,6 +118,9 @@ class Wizard extends LDAPUtility { return (int)$result; } + /** + * @return WizardResult|false + */ public function countGroups() { $filter = $this->configuration->ldapGroupFilter; @@ -153,10 +154,9 @@ class Wizard extends LDAPUtility { } /** - * @return WizardResult * @throws \Exception */ - public function countUsers() { + public function countUsers(): WizardResult { $filter = $this->access->getFilterForUserCount(); $usersTotal = $this->countEntries($filter, 'users'); @@ -176,32 +176,26 @@ class Wizard extends LDAPUtility { /** * counts any objects in the currently set base dn * - * @return WizardResult * @throws \Exception */ - public function countInBaseDN() { + public function countInBaseDN(): WizardResult { // we don't need to provide a filter in this case $total = $this->countEntries('', 'objects'); - if ($total === false) { - throw new \Exception('invalid results received'); - } $this->result->addChange('ldap_test_base', $total); return $this->result; } /** * counts users with a specified attribute - * @param string $attr - * @param bool $existsCheck - * @return int|bool + * @return int|false */ - public function countUsersWithAttribute($attr, $existsCheck = false) { + public function countUsersWithAttribute(string $attr, bool $existsCheck = false) { if (!$this->checkRequirements(['ldapHost', 'ldapPort', 'ldapBase', 'ldapUserFilter', ])) { - return false; + return false; } $filter = $this->access->combineFilterWithAnd([ @@ -209,7 +203,7 @@ class Wizard extends LDAPUtility { $attr . '=*' ]); - $limit = ($existsCheck === false) ? null : 1; + $limit = $existsCheck ? null : 1; return $this->access->countUsers($filter, ['dn'], $limit); } @@ -217,7 +211,7 @@ class Wizard extends LDAPUtility { /** * detects the display name attribute. If a setting is already present that * returns at least one hit, the detection will be canceled. - * @return WizardResult|bool + * @return WizardResult|false * @throws \Exception */ public function detectUserDisplayNameAttribute() { @@ -308,7 +302,7 @@ class Wizard extends LDAPUtility { } /** - * @return WizardResult + * @return WizardResult|false * @throws \Exception */ public function determineAttributes() { @@ -317,11 +311,15 @@ class Wizard extends LDAPUtility { 'ldapBase', 'ldapUserFilter', ])) { - return false; + return false; } $attributes = $this->getUserAttributes(); + if (!is_array($attributes)) { + throw new \Exception('Failed to determine user attributes'); + } + natcasesort($attributes); $attributes = array_values($attributes); @@ -337,7 +335,7 @@ class Wizard extends LDAPUtility { /** * detects the available LDAP attributes - * @return array|false The instance's WizardResult instance + * @return array|false * @throws \Exception */ private function getUserAttributes() { @@ -346,7 +344,7 @@ class Wizard extends LDAPUtility { 'ldapBase', 'ldapUserFilter', ])) { - return false; + return false; } $cr = $this->getConnection(); if (!$cr) { @@ -359,8 +357,12 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($rr)) { return false; } + /** @var resource|\LDAP\Result $rr */ $er = $this->ldap->firstEntry($cr, $rr); $attributes = $this->ldap->getAttributes($cr, $er); + if ($attributes === false) { + return false; + } $pureAttributes = []; for ($i = 0; $i < $attributes['count']; $i++) { $pureAttributes[] = $attributes[$i]; @@ -390,18 +392,15 @@ class Wizard extends LDAPUtility { /** * detects the available LDAP groups - * @param string $dbKey - * @param string $confKey - * @param bool $testMemberOf * @return WizardResult|false the instance's WizardResult instance * @throws \Exception */ - private function determineGroups($dbKey, $confKey, $testMemberOf = true) { + private function determineGroups(string $dbKey, string $confKey, bool $testMemberOf = true) { if (!$this->checkRequirements(['ldapHost', 'ldapPort', 'ldapBase', ])) { - return false; + return false; } $cr = $this->getConnection(); if (!$cr) { @@ -424,12 +423,9 @@ class Wizard extends LDAPUtility { /** * fetches all groups from LDAP and adds them to the result object * - * @param string $dbKey - * @param string $confKey - * @return array $groupEntries * @throws \Exception */ - public function fetchGroups($dbKey, $confKey) { + public function fetchGroups(string $dbKey, string $confKey): array { $obclasses = ['posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames', 'groupOfUniqueNames']; $filterParts = []; @@ -451,7 +447,7 @@ class Wizard extends LDAPUtility { // detection will fail later $result = $this->access->searchGroups($filter, ['cn', 'dn'], $limit, $offset); foreach ($result as $item) { - if (!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) { + if (!isset($item['cn']) || !is_array($item['cn']) || !isset($item['cn'][0])) { // just in case - no issue known continue; } @@ -476,12 +472,15 @@ class Wizard extends LDAPUtility { return $groupEntries; } + /** + * @return WizardResult|false + */ public function determineGroupMemberAssoc() { if (!$this->checkRequirements(['ldapHost', 'ldapPort', 'ldapGroupFilter', ])) { - return false; + return false; } $attribute = $this->detectGroupMemberAssoc(); if ($attribute === false) { @@ -522,7 +521,7 @@ class Wizard extends LDAPUtility { /** * detects the available object classes - * @return WizardResult + * @return WizardResult|false * @throws \Exception */ public function determineUserObjectClasses() { @@ -530,7 +529,7 @@ class Wizard extends LDAPUtility { 'ldapPort', 'ldapBase', ])) { - return false; + return false; } $cr = $this->getConnection(); if (!$cr) { @@ -602,7 +601,7 @@ class Wizard extends LDAPUtility { } /** - * @return bool|WizardResult + * @return WizardResult|false * @throws \Exception */ public function getUserLoginFilter() { @@ -624,11 +623,10 @@ class Wizard extends LDAPUtility { } /** - * @return bool|WizardResult - * @param string $loginName + * @return WizardResult|false * @throws \Exception */ - public function testLoginName($loginName) { + public function testLoginName(string $loginName) { if (!$this->checkRequirements(['ldapHost', 'ldapPort', 'ldapBase', @@ -641,6 +639,7 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($cr)) { throw new \Exception('connection error'); } + /** @var resource|\LDAP\Connection $cr */ if (mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8') === false) { @@ -670,10 +669,6 @@ class Wizard extends LDAPUtility { $this->checkHost(); $portSettings = $this->getPortSettingsToTry(); - if (!is_array($portSettings)) { - throw new \Exception(print_r($portSettings, true)); - } - //proceed from the best configuration and return on first success foreach ($portSettings as $setting) { $p = $setting['port']; @@ -742,7 +737,7 @@ class Wizard extends LDAPUtility { //this did not help :( //Let's see whether we can parse the Host URL and convert the domain to //a base DN - $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection()); + $helper = \OC::$server->get(Helper::class); $domain = $helper->getDomainFromURL($this->configuration->ldapHost); if (!$domain) { return false; @@ -768,7 +763,7 @@ class Wizard extends LDAPUtility { * @param string $value the (detected) value * */ - private function applyFind($key, $value) { + private function applyFind(string $key, string $value): void { $this->result->addChange($key, $value); $this->configuration->setConfiguration([$key => $value]); } @@ -778,7 +773,7 @@ class Wizard extends LDAPUtility { * field. In this case the port will be stripped off, but also stored as * setting. */ - private function checkHost() { + private function checkHost(): void { $host = $this->configuration->ldapHost; $hostInfo = parse_url($host); @@ -787,14 +782,14 @@ class Wizard extends LDAPUtility { $port = $hostInfo['port']; $host = str_replace(':'.$port, '', $host); $this->applyFind('ldap_host', $host); - $this->applyFind('ldap_port', $port); + $this->applyFind('ldap_port', (string)$port); } } /** * tries to detect the group member association attribute which is * one of 'uniqueMember', 'memberUid', 'member', 'gidNumber' - * @return string|false, string with the attribute name, false on error + * @return string|false string with the attribute name, false on error * @throws \Exception */ private function detectGroupMemberAssoc() { @@ -812,6 +807,7 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($rr)) { return false; } + /** @var resource|\LDAP\Result $rr */ $er = $this->ldap->firstEntry($cr, $rr); while ($this->ldap->isResource($er)) { $this->ldap->getDN($cr, $er); @@ -840,7 +836,7 @@ class Wizard extends LDAPUtility { * @return bool true on success, false otherwise * @throws \Exception */ - private function testBaseDN($base) { + private function testBaseDN(string $base): bool { $cr = $this->getConnection(); if (!$cr) { throw new \Exception('Could not connect to LDAP'); @@ -858,6 +854,7 @@ class Wizard extends LDAPUtility { ); return false; } + /** @var resource|\LDAP\Result $rr */ $entries = $this->ldap->countEntries($cr, $rr); return ($entries !== false) && ($entries > 0); } @@ -871,7 +868,7 @@ class Wizard extends LDAPUtility { * @return bool true if it does, false otherwise * @throws \Exception */ - private function testMemberOf() { + private function testMemberOf(): bool { $cr = $this->getConnection(); if (!$cr) { throw new \Exception('Could not connect to LDAP'); @@ -885,13 +882,12 @@ class Wizard extends LDAPUtility { /** * creates an LDAP Filter from given configuration - * @param integer $filterType int, for which use case the filter shall be created + * @param int $filterType int, for which use case the filter shall be created * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or * self::LFILTER_GROUP_LIST - * @return string|false string with the filter on success, false otherwise * @throws \Exception */ - private function composeLdapFilter($filterType) { + private function composeLdapFilter(int $filterType): string { $filter = ''; $parts = 0; switch ($filterType) { @@ -921,6 +917,7 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($rr)) { continue; } + /** @var resource|\LDAP\Result $rr */ $er = $this->ldap->firstEntry($cr, $rr); $attrs = $this->ldap->getAttributes($cr, $er); $dn = $this->ldap->getDN($cr, $er); @@ -980,6 +977,9 @@ class Wizard extends LDAPUtility { $loginpart = '=%uid'; $filterUsername = ''; $userAttributes = $this->getUserAttributes(); + if ($userAttributes === false) { + throw new \Exception('Failed to get user attributes'); + } $userAttributes = array_change_key_case(array_flip($userAttributes)); $parts = 0; @@ -1044,24 +1044,24 @@ class Wizard extends LDAPUtility { * * @param int $port the port to connect with * @param bool $tls whether startTLS is to be used - * @return bool * @throws \Exception */ - private function connectAndBind($port, $tls) { + private function connectAndBind(int $port, bool $tls): bool { //connect, does not really trigger any server communication $host = $this->configuration->ldapHost; - $hostInfo = parse_url($host); - if (!$hostInfo) { + $hostInfo = parse_url((string)$host); + if (!is_string($host) || !$hostInfo) { throw new \Exception(self::$l->t('Invalid Host')); } $this->logger->debug( 'Wiz: Attempting to connect', ['app' => 'user_ldap'] ); - $cr = $this->ldap->connect($host, $port); + $cr = $this->ldap->connect($host, (string)$port); if (!$this->ldap->isResource($cr)) { throw new \Exception(self::$l->t('Invalid Host')); } + /** @var resource|\LDAP\Connection $cr */ //set LDAP options $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3); @@ -1086,7 +1086,7 @@ class Wizard extends LDAPUtility { $this->configuration->ldapAgentPassword ); $errNo = $this->ldap->errno($cr); - $error = ldap_error($cr); + $error = $this->ldap->error($cr); $this->ldap->unbind($cr); } catch (ServerNotAvailableException $e) { return false; @@ -1110,9 +1110,9 @@ class Wizard extends LDAPUtility { /** * checks whether a valid combination of agent and password has been * provided (either two values or nothing for anonymous connect) - * @return bool, true if everything is fine, false otherwise + * @return bool true if everything is fine, false otherwise */ - private function checkAgentRequirements() { + private function checkAgentRequirements(): bool { $agent = $this->configuration->ldapAgentName; $pwd = $this->configuration->ldapAgentPassword; @@ -1122,11 +1122,7 @@ class Wizard extends LDAPUtility { ; } - /** - * @param array $reqs - * @return bool - */ - private function checkRequirements($reqs) { + private function checkRequirements(array $reqs): bool { $this->checkAgentRequirements(); foreach ($reqs as $option) { $value = $this->configuration->$option; @@ -1148,7 +1144,7 @@ class Wizard extends LDAPUtility { * yields most result entries * @return array|false an array with the values on success, false otherwise */ - public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) { + public function cumulativeSearchOnAttribute(array $filters, string $attr, int $dnReadLimit = 3, ?string &$maxF = null) { $dnRead = []; $foundItems = []; $maxEntries = 0; @@ -1161,6 +1157,7 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($cr)) { return false; } + /** @var resource|\LDAP\Connection $cr */ $lastFilter = null; if (isset($filters[count($filters) - 1])) { $lastFilter = $filters[count($filters) - 1]; @@ -1175,6 +1172,7 @@ class Wizard extends LDAPUtility { if (!$this->ldap->isResource($rr)) { continue; } + /** @var resource|\LDAP\Result $rr */ $entries = $this->ldap->countEntries($cr, $rr); $getEntryFunc = 'firstEntry'; if (($entries !== false) && ($entries > 0)) { @@ -1192,16 +1190,17 @@ class Wizard extends LDAPUtility { $rr = $entry; //will be expected by nextEntry next round $attributes = $this->ldap->getAttributes($cr, $entry); $dn = $this->ldap->getDN($cr, $entry); - if ($dn === false || in_array($dn, $dnRead)) { + if ($attributes === false || $dn === false || in_array($dn, $dnRead)) { continue; } $newItems = []; - $state = $this->getAttributeValuesFromEntry($attributes, + $state = $this->getAttributeValuesFromEntry( + $attributes, $attr, - $newItems); + $newItems + ); $dnReadCount++; $foundItems = array_merge($foundItems, $newItems); - $this->resultCache[$dn][$attr] = $newItems; $dnRead[] = $dn; } while (($state === self::LRESULT_PROCESSED_SKIP || $this->ldap->isResource($entry)) @@ -1221,10 +1220,10 @@ class Wizard extends LDAPUtility { * Configuration class * @param bool $po whether the objectClass with most result entries * shall be pre-selected via the result - * @return array|false list of found items. + * @return array list of found items. * @throws \Exception */ - private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) { + private function determineFeature(array $objectclasses, string $attr, string $dbkey, string $confkey, bool $po = false): array { $cr = $this->getConnection(); if (!$cr) { throw new \Exception('Could not connect to LDAP'); @@ -1271,12 +1270,11 @@ class Wizard extends LDAPUtility { * @param array $result the return value from ldap_get_attributes * @param string $attribute the attribute values to look for * @param array &$known new values will be appended here - * @return int, state on of the class constants LRESULT_PROCESSED_OK, + * @return int state on of the class constants LRESULT_PROCESSED_OK, * LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP */ - private function getAttributeValuesFromEntry($result, $attribute, &$known) { - if (!is_array($result) - || !isset($result['count']) + private function getAttributeValuesFromEntry(array $result, string $attribute, array &$known): int { + if (!isset($result['count']) || !$result['count'] > 0) { return self::LRESULT_PROCESSED_INVALID; } @@ -1300,7 +1298,7 @@ class Wizard extends LDAPUtility { } /** - * @return bool|mixed + * @return resource|\LDAP\Connection|false a link resource on success, otherwise false */ private function getConnection() { if (!is_null($this->cr)) { @@ -1312,6 +1310,10 @@ class Wizard extends LDAPUtility { $this->configuration->ldapPort ); + if ($cr === false) { + return false; + } + $this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3); $this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0); $this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT); @@ -1330,10 +1332,7 @@ class Wizard extends LDAPUtility { return false; } - /** - * @return array - */ - private function getDefaultLdapPortSettings() { + private function getDefaultLdapPortSettings(): array { static $settings = [ ['port' => 7636, 'tls' => false], ['port' => 636, 'tls' => false], @@ -1345,10 +1344,7 @@ class Wizard extends LDAPUtility { return $settings; } - /** - * @return array - */ - private function getPortSettingsToTry() { + private function getPortSettingsToTry(): array { //389 ← LDAP / Unencrypted or StartTLS //636 ← LDAPS / SSL //7xxx ← UCS. need to be checked first, because both ports may be open |