authorCôme Chilliet <91878298+come-nc@users.noreply.github.com>2022-11-21 16:05:17 +0100
committerGitHub <noreply@github.com>2022-11-21 16:05:17 +0100
commit341dda1de618ee76a1e617cc4c15267c120d32c3 (patch)
tree9ff01d59d117e56d764df68b3b4360e4b7cfd7c2 /apps/user_ldap
parent5e74b1e9ad3cc1f79f5eda38194a49a26a4f6d85 (diff)
parentc2cb790532f2a7ea5a9ad39167d95b69c9ed6c10 (diff)
downloadnextcloud-server-341dda1de618ee76a1e617cc4c15267c120d32c3.tar.gz
nextcloud-server-341dda1de618ee76a1e617cc4c15267c120d32c3.zip
Merge branch 'master' into fix/clean-ldap-access-factory-usage
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/l10n/es.js2
-rw-r--r--apps/user_ldap/l10n/es.json2
-rw-r--r--apps/user_ldap/l10n/fr.js2
-rw-r--r--apps/user_ldap/l10n/fr.json2
-rw-r--r--apps/user_ldap/l10n/ja.js4
-rw-r--r--apps/user_ldap/l10n/ja.json4
-rw-r--r--apps/user_ldap/l10n/lv.js2
-rw-r--r--apps/user_ldap/l10n/lv.json2
-rw-r--r--apps/user_ldap/l10n/uk.js6
-rw-r--r--apps/user_ldap/l10n/uk.json6
-rw-r--r--apps/user_ldap/lib/AppInfo/Application.php27
-rw-r--r--apps/user_ldap/lib/DataCollector/LdapDataCollector.php3
-rw-r--r--apps/user_ldap/lib/ILDAPWrapper.php9
-rw-r--r--apps/user_ldap/lib/LDAP.php3
-rw-r--r--apps/user_ldap/lib/User_LDAP.php7
-rw-r--r--apps/user_ldap/lib/User_Proxy.php20
-rw-r--r--apps/user_ldap/lib/Wizard.php198
17 files changed, 178 insertions, 121 deletions
diff --git a/apps/user_ldap/l10n/es.js b/apps/user_ldap/l10n/es.js
index 25dc2745991..8821ad3ac5e 100644
--- a/apps/user_ldap/l10n/es.js
+++ b/apps/user_ldap/l10n/es.js
@@ -166,7 +166,7 @@ OC.L10N.register(
"Paging chunksize" : "Tamaño de los fragmentos de paginación",
"Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)" : "Tamaño de los fragmentos usado para búsquedas LDAP paginadas que pueden devolver resultados voluminosos, como enumeración de usuarios o de grupos. (Si se establece en 0, se deshabilitan las búsquedas LDAP paginadas en esas situaciones.)",
"Enable LDAP password changes per user" : "Permitir cambios de contraseñas LDAP por usuario",
- "Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server." : "Permite a usuarios LDAP cambiar su contraseña y permite administradores y administradores de grupos, cambiar la contraseña de sus usuarios LDAP. SOlo funciona cuando las políticas de control de acceso están configuradas de acuerdo a las del servidor LDAP. Como las contraseñas se mandan en texto plano al servidor, LDAP, encripción del transporte debe ser usado y cifrado de las contraseñas debe ser configurado en el servidor LDAP.",
+ "Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server." : "Permite a usuarios LDAP cambiar su contraseña y permite administradores y administradores de grupos, cambiar la contraseña de sus usuarios LDAP. Solo funciona cuando las políticas de control de acceso están configuradas de acuerdo a las del servidor LDAP. Como las contraseñas se mandan en texto plano al servidor, LDAP, encripción del transporte debe ser usado y cifrado de las contraseñas debe ser configurado en el servidor LDAP.",
"(New password is sent as plain text to LDAP)" : "(La nueva contraseña se envía como texto plano a LDAP)",
"Default password policy DN" : "Política de contraseñas por defecto DN",
"The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling." : "El DN de una política de contraseñas por defecto que será usado para el manejo de la expiración de contraseñas. Solo funciona cuando los cambios por usuario de la contraseña LDAP están habilitados y solo está aceptada por OpenLDAP. Déjala vacía para deshabilitar el manejo de expiración de contraseñas.",
diff --git a/apps/user_ldap/l10n/es.json b/apps/user_ldap/l10n/es.json
index c41959bc8ca..1d867cae117 100644
--- a/apps/user_ldap/l10n/es.json
+++ b/apps/user_ldap/l10n/es.json
@@ -164,7 +164,7 @@
"Paging chunksize" : "Tamaño de los fragmentos de paginación",
"Chunksize used for paged LDAP searches that may return bulky results like user or group enumeration. (Setting it 0 disables paged LDAP searches in those situations.)" : "Tamaño de los fragmentos usado para búsquedas LDAP paginadas que pueden devolver resultados voluminosos, como enumeración de usuarios o de grupos. (Si se establece en 0, se deshabilitan las búsquedas LDAP paginadas en esas situaciones.)",
"Enable LDAP password changes per user" : "Permitir cambios de contraseñas LDAP por usuario",
- "Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server." : "Permite a usuarios LDAP cambiar su contraseña y permite administradores y administradores de grupos, cambiar la contraseña de sus usuarios LDAP. SOlo funciona cuando las políticas de control de acceso están configuradas de acuerdo a las del servidor LDAP. Como las contraseñas se mandan en texto plano al servidor, LDAP, encripción del transporte debe ser usado y cifrado de las contraseñas debe ser configurado en el servidor LDAP.",
+ "Allow LDAP users to change their password and allow Super Administrators and Group Administrators to change the password of their LDAP users. Only works when access control policies are configured accordingly on the LDAP server. As passwords are sent in plaintext to the LDAP server, transport encryption must be used and password hashing should be configured on the LDAP server." : "Permite a usuarios LDAP cambiar su contraseña y permite administradores y administradores de grupos, cambiar la contraseña de sus usuarios LDAP. Solo funciona cuando las políticas de control de acceso están configuradas de acuerdo a las del servidor LDAP. Como las contraseñas se mandan en texto plano al servidor, LDAP, encripción del transporte debe ser usado y cifrado de las contraseñas debe ser configurado en el servidor LDAP.",
"(New password is sent as plain text to LDAP)" : "(La nueva contraseña se envía como texto plano a LDAP)",
"Default password policy DN" : "Política de contraseñas por defecto DN",
"The DN of a default password policy that will be used for password expiry handling. Works only when LDAP password changes per user are enabled and is only supported by OpenLDAP. Leave empty to disable password expiry handling." : "El DN de una política de contraseñas por defecto que será usado para el manejo de la expiración de contraseñas. Solo funciona cuando los cambios por usuario de la contraseña LDAP están habilitados y solo está aceptada por OpenLDAP. Déjala vacía para deshabilitar el manejo de expiración de contraseñas.",
diff --git a/apps/user_ldap/l10n/fr.js b/apps/user_ldap/l10n/fr.js
index a6ecdc324a1..e5be5be3bde 100644
--- a/apps/user_ldap/l10n/fr.js
+++ b/apps/user_ldap/l10n/fr.js
@@ -72,7 +72,7 @@ OC.L10N.register(
"Help" : "Aide",
"Groups meeting these criteria are available in %s:" : "Les groupes respectant ces critères sont disponibles dans %s :",
"Only these object classes:" : "Seulement ces classes d'objets :",
- "Only from these groups:" : "Seulement dans ces groupes :",
+ "Only from these groups:" : "Seulement dans ces groupes :",
"Search groups" : "Chercher dans les groupes",
"Available groups" : "Groupes disponibles",
"Selected groups" : "Groupes sélectionnés",
diff --git a/apps/user_ldap/l10n/fr.json b/apps/user_ldap/l10n/fr.json
index 6f3759727b7..8bc527b933b 100644
--- a/apps/user_ldap/l10n/fr.json
+++ b/apps/user_ldap/l10n/fr.json
@@ -70,7 +70,7 @@
"Help" : "Aide",
"Groups meeting these criteria are available in %s:" : "Les groupes respectant ces critères sont disponibles dans %s :",
"Only these object classes:" : "Seulement ces classes d'objets :",
- "Only from these groups:" : "Seulement dans ces groupes :",
+ "Only from these groups:" : "Seulement dans ces groupes :",
"Search groups" : "Chercher dans les groupes",
"Available groups" : "Groupes disponibles",
"Selected groups" : "Groupes sélectionnés",
diff --git a/apps/user_ldap/l10n/ja.js b/apps/user_ldap/l10n/ja.js
index 03a83d83a35..7f8455f54b8 100644
--- a/apps/user_ldap/l10n/ja.js
+++ b/apps/user_ldap/l10n/ja.js
@@ -60,6 +60,10 @@ OC.L10N.register(
"Your password will expire today." : "パスワードが今日期限切れになります。",
"_Your password will expire within %n day._::_Your password will expire within %n days._" : ["パスワードがあと %n日で期限切れになります。"],
"LDAP/AD integration" : "LDAP/AD統合",
+ "_%n group found_::_%n groups found_" : ["グループ%nが見つかりました "],
+ "> 1000 groups found" : "1000 以上のグループが見つかりました",
+ "> 1000 users found" : "1000 以上のユーザーが見つかりました",
+ "_%n user found_::_%n users found_" : ["ユーザー%n が見つかりました"],
"Could not detect user display name attribute. Please specify it yourself in advanced LDAP settings." : "ユーザー表示名の属性を検出できませんでした。詳細設定で対応する属性を指定してください。",
"Could not find the desired feature" : "望ましい機能は見つかりませんでした",
"Invalid Host" : "無効なホスト",
diff --git a/apps/user_ldap/l10n/ja.json b/apps/user_ldap/l10n/ja.json
index bae170334bb..a177306a5ce 100644
--- a/apps/user_ldap/l10n/ja.json
+++ b/apps/user_ldap/l10n/ja.json
@@ -58,6 +58,10 @@
"Your password will expire today." : "パスワードが今日期限切れになります。",
"_Your password will expire within %n day._::_Your password will expire within %n days._" : ["パスワードがあと %n日で期限切れになります。"],
"LDAP/AD integration" : "LDAP/AD統合",
+ "_%n group found_::_%n groups found_" : ["グループ%nが見つかりました "],
+ "> 1000 groups found" : "1000 以上のグループが見つかりました",
+ "> 1000 users found" : "1000 以上のユーザーが見つかりました",
+ "_%n user found_::_%n users found_" : ["ユーザー%n が見つかりました"],
"Could not detect user display name attribute. Please specify it yourself in advanced LDAP settings." : "ユーザー表示名の属性を検出できませんでした。詳細設定で対応する属性を指定してください。",
"Could not find the desired feature" : "望ましい機能は見つかりませんでした",
"Invalid Host" : "無効なホスト",
diff --git a/apps/user_ldap/l10n/lv.js b/apps/user_ldap/l10n/lv.js
index 61eb1d75c98..2c623018a21 100644
--- a/apps/user_ldap/l10n/lv.js
+++ b/apps/user_ldap/l10n/lv.js
@@ -45,6 +45,7 @@ OC.L10N.register(
"Selected groups" : "Izvēlētās grupas",
"Edit LDAP Query" : "Labot LDAP vaicājumu",
"LDAP Filter:" : "LDAP filtrs:",
+ "Verify settings and count the groups" : "Pārbaudiet iestatījumus un saskaitiet grupas",
"Other Attributes:" : "Citi atribūti:",
"Test Loginname" : "Pārbaudiet lietotājvārdu",
"Verify settings" : "Pārbaudīt iestatījumus",
@@ -60,6 +61,7 @@ OC.L10N.register(
"You can specify Base DN for users and groups in the Advanced tab" : "Lietotājiem un grupām var norādīt bāzes DN cilnē “Paplašināti”",
"Detect Base DN" : "Noteikt bāzes DN",
"Test Base DN" : "Testēt bāzes DN",
+ "Verify settings and count users" : "Pārbaudiet iestatījumus un saskaitiet lietotājus",
"Saving" : "Saglabā",
"Back" : "Atpakaļ",
"Continue" : "Turpināt",
diff --git a/apps/user_ldap/l10n/lv.json b/apps/user_ldap/l10n/lv.json
index be82e0717dc..fdebc4b2287 100644
--- a/apps/user_ldap/l10n/lv.json
+++ b/apps/user_ldap/l10n/lv.json
@@ -43,6 +43,7 @@
"Selected groups" : "Izvēlētās grupas",
"Edit LDAP Query" : "Labot LDAP vaicājumu",
"LDAP Filter:" : "LDAP filtrs:",
+ "Verify settings and count the groups" : "Pārbaudiet iestatījumus un saskaitiet grupas",
"Other Attributes:" : "Citi atribūti:",
"Test Loginname" : "Pārbaudiet lietotājvārdu",
"Verify settings" : "Pārbaudīt iestatījumus",
@@ -58,6 +59,7 @@
"You can specify Base DN for users and groups in the Advanced tab" : "Lietotājiem un grupām var norādīt bāzes DN cilnē “Paplašināti”",
"Detect Base DN" : "Noteikt bāzes DN",
"Test Base DN" : "Testēt bāzes DN",
+ "Verify settings and count users" : "Pārbaudiet iestatījumus un saskaitiet lietotājus",
"Saving" : "Saglabā",
"Back" : "Atpakaļ",
"Continue" : "Turpināt",
diff --git a/apps/user_ldap/l10n/uk.js b/apps/user_ldap/l10n/uk.js
index 5e2481d0259..7ce76c7bf73 100644
--- a/apps/user_ldap/l10n/uk.js
+++ b/apps/user_ldap/l10n/uk.js
@@ -1,7 +1,7 @@
OC.L10N.register(
"user_ldap",
{
- "Failed to clear the mappings." : "Не вдалося очистити відображення.",
+ "Failed to clear the mappings." : "Не вдалося очистити мапування.",
"Failed to delete the server configuration" : "Не вдалося вилучити конфігурацію сервера",
"Invalid configuration: Anonymous binding is not allowed." : "Неправильна конфігурація. Анонімне приєднання не дозволено.",
"Valid configuration, connection established!" : "Правильна конфігурація, з'єднання встановлено!",
@@ -36,7 +36,7 @@ OC.L10N.register(
"An error occurred. Please check the Base DN, as well as connection settings and credentials." : "Сталась помилка. Будь ласка, перевірте базове DN, а також налаштування підключення та облікові дані.",
"Do you really want to delete the current Server Configuration?" : "Дійсно вилучити поточну конфігурацію сервера ?",
"Confirm Deletion" : "Підтвердіть вилучення",
- "Mappings cleared successfully!" : "Відображення успішно очищенні!",
+ "Mappings cleared successfully!" : "Мапування успішно очищено!",
"Error while clearing the mappings." : "Помилка при очищенні відображень.",
"Anonymous bind is not allowed. Please provide a User DN and Password." : "Анонімне прив'язування не допускається. Укажіть DN користувача та пароль.",
"LDAP Operations error. Anonymous bind might not be allowed." : "Помилка операцій LDAP. Анонімне прив’язування може бути заборонено.",
@@ -139,7 +139,7 @@ OC.L10N.register(
"Give an optional backup host. It must be a replica of the main LDAP/AD server." : "Вкажіть додатковий резервний сервер. Він повинен бути копією головного LDAP/AD сервера.",
"Backup (Replica) Port" : "Порт сервера для резервних копій",
"Disable Main Server" : "Вимкнути Головний Сервер",
- "Only connect to the replica server." : "Підключити тільки до сервера реплік.",
+ "Only connect to the replica server." : "З'єднатися тільки із сервером реплік.",
"Turn off SSL certificate validation." : "Вимкнути перевірку SSL сертифіката.",
"Not recommended, use it for testing only! If connection only works with this option, import the LDAP server's SSL certificate in your %s server." : "Не рекомендується, використовувати його тільки для тестування!\nЯкщо з'єднання працює лише з цією опцією, імпортуйте SSL сертифікат LDAP сервера у ваший %s сервер.",
"Cache Time-To-Live" : "Час актуальності Кеша",
diff --git a/apps/user_ldap/l10n/uk.json b/apps/user_ldap/l10n/uk.json
index 91d18fbcf13..130dd65a1f2 100644
--- a/apps/user_ldap/l10n/uk.json
+++ b/apps/user_ldap/l10n/uk.json
@@ -1,5 +1,5 @@
{ "translations": {
- "Failed to clear the mappings." : "Не вдалося очистити відображення.",
+ "Failed to clear the mappings." : "Не вдалося очистити мапування.",
"Failed to delete the server configuration" : "Не вдалося вилучити конфігурацію сервера",
"Invalid configuration: Anonymous binding is not allowed." : "Неправильна конфігурація. Анонімне приєднання не дозволено.",
"Valid configuration, connection established!" : "Правильна конфігурація, з'єднання встановлено!",
@@ -34,7 +34,7 @@
"An error occurred. Please check the Base DN, as well as connection settings and credentials." : "Сталась помилка. Будь ласка, перевірте базове DN, а також налаштування підключення та облікові дані.",
"Do you really want to delete the current Server Configuration?" : "Дійсно вилучити поточну конфігурацію сервера ?",
"Confirm Deletion" : "Підтвердіть вилучення",
- "Mappings cleared successfully!" : "Відображення успішно очищенні!",
+ "Mappings cleared successfully!" : "Мапування успішно очищено!",
"Error while clearing the mappings." : "Помилка при очищенні відображень.",
"Anonymous bind is not allowed. Please provide a User DN and Password." : "Анонімне прив'язування не допускається. Укажіть DN користувача та пароль.",
"LDAP Operations error. Anonymous bind might not be allowed." : "Помилка операцій LDAP. Анонімне прив’язування може бути заборонено.",
@@ -137,7 +137,7 @@
"Give an optional backup host. It must be a replica of the main LDAP/AD server." : "Вкажіть додатковий резервний сервер. Він повинен бути копією головного LDAP/AD сервера.",
"Backup (Replica) Port" : "Порт сервера для резервних копій",
"Disable Main Server" : "Вимкнути Головний Сервер",
- "Only connect to the replica server." : "Підключити тільки до сервера реплік.",
+ "Only connect to the replica server." : "З'єднатися тільки із сервером реплік.",
"Turn off SSL certificate validation." : "Вимкнути перевірку SSL сертифіката.",
"Not recommended, use it for testing only! If connection only works with this option, import the LDAP server's SSL certificate in your %s server." : "Не рекомендується, використовувати його тільки для тестування!\nЯкщо з'єднання працює лише з цією опцією, імпортуйте SSL сертифікат LDAP сервера у ваший %s сервер.",
"Cache Time-To-Live" : "Час актуальності Кеша",
diff --git a/apps/user_ldap/lib/AppInfo/Application.php b/apps/user_ldap/lib/AppInfo/Application.php
index 79998a580e5..757ac141d3d 100644
--- a/apps/user_ldap/lib/AppInfo/Application.php
+++ b/apps/user_ldap/lib/AppInfo/Application.php
@@ -31,6 +31,7 @@ use OCA\Files_External\Service\BackendService;
use OCA\User_LDAP\Controller\RenewPasswordController;
use OCA\User_LDAP\Events\GroupBackendRegistered;
use OCA\User_LDAP\Events\UserBackendRegistered;
+use OCA\User_LDAP\FilesystemHelper;
use OCA\User_LDAP\Group_Proxy;
use OCA\User_LDAP\GroupPluginManager;
use OCA\User_LDAP\Handler\ExtStorageConfigHandler;
@@ -38,6 +39,7 @@ use OCA\User_LDAP\Helper;
use OCA\User_LDAP\ILDAPWrapper;
use OCA\User_LDAP\LDAP;
use OCA\User_LDAP\Notification\Notifier;
+use OCA\User_LDAP\User\Manager;
use OCA\User_LDAP\User_Proxy;
use OCA\User_LDAP\UserPluginManager;
use OCP\AppFramework\App;
@@ -46,10 +48,17 @@ use OCP\AppFramework\Bootstrap\IBootstrap;
use OCP\AppFramework\Bootstrap\IRegistrationContext;
use OCP\AppFramework\IAppContainer;
use OCP\EventDispatcher\IEventDispatcher;
+use OCP\IAvatarManager;
+use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N;
+use OCP\Image;
use OCP\IServerContainer;
+use OCP\IUserManager;
use OCP\Notification\IManager as INotificationManager;
+use OCP\Share\IManager as IShareManager;
+use Psr\Container\ContainerInterface;
+use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
class Application extends App implements IBootstrap {
@@ -87,6 +96,24 @@ class Application extends App implements IBootstrap {
public function register(IRegistrationContext $context): void {
$context->registerNotifierService(Notifier::class);
+
+ $context->registerService(
+ Manager::class,
+ function (ContainerInterface $c) {
+ return new Manager(
+ $c->get(IConfig::class),
+ $c->get(FilesystemHelper::class),
+ $c->get(LoggerInterface::class),
+ $c->get(IAvatarManager::class),
+ $c->get(Image::class),
+ $c->get(IUserManager::class),
+ $c->get(INotificationManager::class),
+ $c->get(IShareManager::class),
+ );
+ },
+ // the instance is specific to a lazy bound Access instance, thus cannot be shared.
+ false
+ );
}
public function boot(IBootContext $context): void {
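Review bot: The factory closure passed to `registerService` for `Manager::class` has no return type and is not declared static, although it never uses `$this`. Writing it as `static function (ContainerInterface $c): Manager {` avoids binding the Application instance into the closure and lets static analysis check the eight constructor arguments against the returned type. The comment on the `false` argument already explains why the service is not shared; it would read more clearly directly above the closure rather than after it.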
diff --git a/apps/user_ldap/lib/DataCollector/LdapDataCollector.php b/apps/user_ldap/lib/DataCollector/LdapDataCollector.php
index cb61de96e37..833b314b199 100644
--- a/apps/user_ldap/lib/DataCollector/LdapDataCollector.php
+++ b/apps/user_ldap/lib/DataCollector/LdapDataCollector.php
@@ -28,12 +28,13 @@ use OCP\AppFramework\Http\Response;
use OCP\DataCollector\AbstractDataCollector;
class LdapDataCollector extends AbstractDataCollector {
- public function startLdapRequest(string $query, array $args): void {
+ public function startLdapRequest(string $query, array $args, array $backtrace): void {
$this->data[] = [
'start' => microtime(true),
'query' => $query,
'args' => $args,
'end' => microtime(true),
+ 'backtrace' => $backtrace,
];
}
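Review bot: The added `array $backtrace` parameter of `startLdapRequest` is required, so any caller still passing two arguments now fails with an ArgumentCountError; the visible hunks update only the call in LDAP.php. A default, `array $backtrace = []`, keeps the method backward-compatible. A one-line docblock stating that `$backtrace` holds frames from `debug_backtrace()` taken without arguments would also document what ends up under the new `'backtrace'` key.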
diff --git a/apps/user_ldap/lib/ILDAPWrapper.php b/apps/user_ldap/lib/ILDAPWrapper.php
index b5c5568348e..6ec88effa5f 100644
--- a/apps/user_ldap/lib/ILDAPWrapper.php
+++ b/apps/user_ldap/lib/ILDAPWrapper.php
@@ -30,7 +30,6 @@
namespace OCA\User_LDAP;
interface ILDAPWrapper {
-
//LDAP functions in use
/**
@@ -48,7 +47,7 @@ interface ILDAPWrapper {
* connect to an LDAP server
* @param string $host The host to connect to
* @param string $port The port to connect to
- * @return mixed a link resource on success, otherwise false
+ * @return resource|\LDAP\Connection|false a link resource on success, otherwise false
*/
public function connect($host, $port);
@@ -106,7 +105,7 @@ interface ILDAPWrapper {
* Get attributes from a search result entry
* @param resource|\LDAP\Connection $link LDAP link resource
* @param resource|\LDAP\ResultEntry $result LDAP result resource
- * @return array containing the results, false on error
+ * @return array|false containing the results, false on error
* */
public function getAttributes($link, $result);
@@ -114,7 +113,7 @@ interface ILDAPWrapper {
* Get the DN of a result entry
* @param resource|\LDAP\Connection $link LDAP link resource
* @param resource|\LDAP\ResultEntry $result LDAP result resource
- * @return string containing the DN, false on error
+ * @return string|false containing the DN, false on error
*/
public function getDN($link, $result);
@@ -122,7 +121,7 @@ interface ILDAPWrapper {
* Get all result entries
* @param resource|\LDAP\Connection $link LDAP link resource
* @param resource|\LDAP\Result $result LDAP result resource
- * @return array containing the results, false on error
+ * @return array|false containing the results, false on error
*/
public function getEntries($link, $result);
diff --git a/apps/user_ldap/lib/LDAP.php b/apps/user_ldap/lib/LDAP.php
index c03337a9e51..6a54f89880d 100644
--- a/apps/user_ldap/lib/LDAP.php
+++ b/apps/user_ldap/lib/LDAP.php
@@ -330,7 +330,8 @@ class LDAP implements ILDAPWrapper {
return $item;
}, $this->curArgs);
- $this->dataCollector->startLdapRequest($functionName, $args);
+ $backtrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
+ $this->dataCollector->startLdapRequest($functionName, $args, $backtrace);
}
if ($this->logFile !== '' && is_writable(dirname($this->logFile)) && (!file_exists($this->logFile) || is_writable($this->logFile))) {
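Review bot: `debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS)` is called without a frame limit, so each collected LDAP call stores the full stack. Passing a limit, for example `debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 10)`, bounds both the cost and the size of the collected data. The `DEBUG_BACKTRACE_IGNORE_ARGS` flag is what keeps call arguments out of the collector, and LDAP bind arguments can include a password, so a comment such as `// IGNORE_ARGS on purpose: call arguments may contain bind credentials` would protect it from a later cleanup. The enclosing method starts above this hunk.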
diff --git a/apps/user_ldap/lib/User_LDAP.php b/apps/user_ldap/lib/User_LDAP.php
index 036ddaa9af4..f855dcb1fd6 100644
--- a/apps/user_ldap/lib/User_LDAP.php
+++ b/apps/user_ldap/lib/User_LDAP.php
@@ -48,11 +48,12 @@ use OCP\IConfig;
use OCP\IUserBackend;
use OCP\IUserSession;
use OCP\Notification\IManager as INotificationManager;
+use OCP\User\Backend\ICountMappedUsersBackend;
use OCP\User\Backend\ICountUsersBackend;
use OCP\UserInterface;
use Psr\Log\LoggerInterface;
-class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend {
+class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend {
/** @var \OCP\IConfig */
protected $ocConfig;
@@ -598,6 +599,10 @@ class User_LDAP extends BackendUtility implements IUserBackend, UserInterface, I
return $entries;
}
+ public function countMappedUsers(): int {
+ return $this->access->getUserMapper()->count();
+ }
+
/**
* Backend name to be shown in user management
* @return string the name of the backend to be shown
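Review bot: `countMappedUsers()` is added here without a docblock, while the method of the same name added to User_Proxy.php in this commit has one. The body returns `$this->access->getUserMapper()->count()`, so the figure comes from the user mapper rather than from an LDAP search, which is worth stating for callers comparing it with the existing user count. Something like `/** Count the users known to the user mapper of this backend. */` would do.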
diff --git a/apps/user_ldap/lib/User_Proxy.php b/apps/user_ldap/lib/User_Proxy.php
index 8b194f250b4..b07c632eeeb 100644
--- a/apps/user_ldap/lib/User_Proxy.php
+++ b/apps/user_ldap/lib/User_Proxy.php
@@ -33,12 +33,15 @@ namespace OCA\User_LDAP;
use OCA\User_LDAP\User\User;
use OCP\IConfig;
+use OCP\IUserBackend;
use OCP\IUserSession;
use OCP\Notification\IManager as INotificationManager;
+use OCP\User\Backend\ICountMappedUsersBackend;
use OCP\User\Backend\ICountUsersBackend;
+use OCP\UserInterface;
-class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface, IUserLDAP, ICountUsersBackend {
- /** @var array<string,User_LDAP> */
+class User_Proxy extends Proxy implements IUserBackend, UserInterface, IUserLDAP, ICountUsersBackend, ICountMappedUsersBackend {
+ /** @var array<string,User_LDAP> */
private $backends = [];
/** @var ?User_LDAP */
private $refBackend = null;
@@ -392,6 +395,19 @@ class User_Proxy extends Proxy implements \OCP\IUserBackend, \OCP\UserInterface,
}
/**
+ * Count the number of mapped users
+ */
+ public function countMappedUsers(): int {
+ $this->setup();
+
+ $users = 0;
+ foreach ($this->backends as $backend) {
+ $users += $backend->countMappedUsers();
+ }
+ return $users;
+ }
+
+ /**
* Return access for LDAP interaction.
*
* @param string $uid
diff --git a/apps/user_ldap/lib/Wizard.php b/apps/user_ldap/lib/Wizard.php
index 19de55c091d..2ecdce610a7 100644
--- a/apps/user_ldap/lib/Wizard.php
+++ b/apps/user_ldap/lib/Wizard.php
@@ -19,6 +19,7 @@
* @author Tobias Perschon <tobias@perschon.at>
* @author Victor Dubiniuk <dubiniuk@owncloud.com>
* @author Xuanwo <xuanwo@yunify.com>
+ * @author Côme Chilliet <come.chilliet@nextcloud.com>
*
* @license AGPL-3.0
*
@@ -35,22 +36,22 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
+
namespace OCA\User_LDAP;
use OC\ServerNotAvailableException;
+use OCP\IL10N;
+use OCP\L10N\IFactory as IL10NFactory;
use Psr\Log\LoggerInterface;
class Wizard extends LDAPUtility {
- /** @var \OCP\IL10N */
- protected static $l;
- protected $access;
+ protected static ?IL10N $l = null;
+ protected Access $access;
+ /** @var resource|\LDAP\Connection|null */
protected $cr;
- protected $configuration;
- protected $result;
- protected $resultCache = [];
-
- /** @var LoggerInterface */
- protected $logger;
+ protected Configuration $configuration;
+ protected WizardResult $result;
+ protected LoggerInterface $logger;
public const LRESULT_PROCESSED_OK = 2;
public const LRESULT_PROCESSED_INVALID = 3;
@@ -65,17 +66,15 @@ class Wizard extends LDAPUtility {
public const LDAP_NW_TIMEOUT = 4;
- /**
- * Constructor
- * @param Configuration $configuration an instance of Configuration
- * @param ILDAPWrapper $ldap an instance of ILDAPWrapper
- * @param Access $access
- */
- public function __construct(Configuration $configuration, ILDAPWrapper $ldap, Access $access) {
+ public function __construct(
+ Configuration $configuration,
+ ILDAPWrapper $ldap,
+ Access $access
+ ) {
parent::__construct($ldap);
$this->configuration = $configuration;
- if (is_null(Wizard::$l)) {
- Wizard::$l = \OC::$server->getL10N('user_ldap');
+ if (is_null(static::$l)) {
+ static::$l = \OC::$server->get(IL10NFactory::class)->get('user_ldap');
}
$this->access = $access;
$this->result = new WizardResult();
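Review bot: The constructor now reads and writes the cached translator through `static::$l`, which is late static binding on a property declared once on `Wizard`. If a subclass ever redeclares `$l`, the cache silently splits per class; `self::$l` states the intent more directly, as in `if (self::$l === null) {`. The translator is also still fetched from `\OC::$server` inside the constructor; that predates this commit, but it is the remaining service-locator call in a class whose other dependencies are injected. The constructor body continues past the end of this hunk.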
@@ -93,7 +92,6 @@ class Wizard extends LDAPUtility {
*
* @param string $filter the LDAP search filter
* @param string $type a string being either 'users' or 'groups';
- * @return int
* @throws \Exception
*/
public function countEntries(string $filter, string $type): int {
@@ -120,6 +118,9 @@ class Wizard extends LDAPUtility {
return (int)$result;
}
+ /**
+ * @return WizardResult|false
+ */
public function countGroups() {
$filter = $this->configuration->ldapGroupFilter;
@@ -153,10 +154,9 @@ class Wizard extends LDAPUtility {
}
/**
- * @return WizardResult
* @throws \Exception
*/
- public function countUsers() {
+ public function countUsers(): WizardResult {
$filter = $this->access->getFilterForUserCount();
$usersTotal = $this->countEntries($filter, 'users');
@@ -176,32 +176,26 @@ class Wizard extends LDAPUtility {
/**
* counts any objects in the currently set base dn
*
- * @return WizardResult
* @throws \Exception
*/
- public function countInBaseDN() {
+ public function countInBaseDN(): WizardResult {
// we don't need to provide a filter in this case
$total = $this->countEntries('', 'objects');
- if ($total === false) {
- throw new \Exception('invalid results received');
- }
$this->result->addChange('ldap_test_base', $total);
return $this->result;
}
/**
* counts users with a specified attribute
- * @param string $attr
- * @param bool $existsCheck
- * @return int|bool
+ * @return int|false
*/
- public function countUsersWithAttribute($attr, $existsCheck = false) {
+ public function countUsersWithAttribute(string $attr, bool $existsCheck = false) {
if (!$this->checkRequirements(['ldapHost',
'ldapPort',
'ldapBase',
'ldapUserFilter',
])) {
- return false;
+ return false;
}
$filter = $this->access->combineFilterWithAnd([
@@ -209,7 +203,7 @@ class Wizard extends LDAPUtility {
$attr . '=*'
]);
- $limit = ($existsCheck === false) ? null : 1;
+ $limit = $existsCheck ? null : 1;
return $this->access->countUsers($filter, ['dn'], $limit);
}
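Review bot: The rewritten ternary in `countUsersWithAttribute` inverts the limit. The removed line `($existsCheck === false) ? null : 1` applied limit 1 only when `$existsCheck` was true, whereas `$existsCheck ? null : 1` applies limit 1 when it is false. With the default `$existsCheck = false`, the call to `countUsers` is now capped at one entry, while an explicit existence check runs without a limit. The line should read `$limit = $existsCheck ? 1 : null;`. The function signature is in the previous hunk.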
@@ -217,7 +211,7 @@ class Wizard extends LDAPUtility {
/**
* detects the display name attribute. If a setting is already present that
* returns at least one hit, the detection will be canceled.
- * @return WizardResult|bool
+ * @return WizardResult|false
* @throws \Exception
*/
public function detectUserDisplayNameAttribute() {
@@ -308,7 +302,7 @@ class Wizard extends LDAPUtility {
}
/**
- * @return WizardResult
+ * @return WizardResult|false
* @throws \Exception
*/
public function determineAttributes() {
@@ -317,11 +311,15 @@ class Wizard extends LDAPUtility {
'ldapBase',
'ldapUserFilter',
])) {
- return false;
+ return false;
}
$attributes = $this->getUserAttributes();
+ if (!is_array($attributes)) {
+ throw new \Exception('Failed to determine user attributes');
+ }
+
natcasesort($attributes);
$attributes = array_values($attributes);
@@ -337,7 +335,7 @@ class Wizard extends LDAPUtility {
/**
* detects the available LDAP attributes
- * @return array|false The instance's WizardResult instance
+ * @return array|false
* @throws \Exception
*/
private function getUserAttributes() {
@@ -346,7 +344,7 @@ class Wizard extends LDAPUtility {
'ldapBase',
'ldapUserFilter',
])) {
- return false;
+ return false;
}
$cr = $this->getConnection();
if (!$cr) {
@@ -359,8 +357,12 @@ class Wizard extends LDAPUtility {
if (!$this->ldap->isResource($rr)) {
return false;
}
+ /** @var resource|\LDAP\Result $rr */
$er = $this->ldap->firstEntry($cr, $rr);
$attributes = $this->ldap->getAttributes($cr, $er);
+ if ($attributes === false) {
+ return false;
+ }
$pureAttributes = [];
for ($i = 0; $i < $attributes['count']; $i++) {
$pureAttributes[] = $attributes[$i];
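Review bot: `$er` from `firstEntry()` is passed straight to `getAttributes()`, so if no entry was returned the wrapper is called with an invalid entry before the new `$attributes === false` guard can act. Checking the entry first, in the same way `$rr` is checked just above, closes that path: `if (!$this->ldap->isResource($er)) { return false; }`. The return contract of `firstEntry()` is not visible in this diff, so this should be confirmed against ILDAPWrapper. The function begins and ends outside the hunk.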
@@ -390,18 +392,15 @@ class Wizard extends LDAPUtility {
/**
* detects the available LDAP groups
- * @param string $dbKey
- * @param string $confKey
- * @param bool $testMemberOf
* @return WizardResult|false the instance's WizardResult instance
* @throws \Exception
*/
- private function determineGroups($dbKey, $confKey, $testMemberOf = true) {
+ private function determineGroups(string $dbKey, string $confKey, bool $testMemberOf = true) {
if (!$this->checkRequirements(['ldapHost',
'ldapPort',
'ldapBase',
])) {
- return false;
+ return false;
}
$cr = $this->getConnection();
if (!$cr) {
@@ -424,12 +423,9 @@ class Wizard extends LDAPUtility {
/**
* fetches all groups from LDAP and adds them to the result object
*
- * @param string $dbKey
- * @param string $confKey
- * @return array $groupEntries
* @throws \Exception
*/
- public function fetchGroups($dbKey, $confKey) {
+ public function fetchGroups(string $dbKey, string $confKey): array {
$obclasses = ['posixGroup', 'group', 'zimbraDistributionList', 'groupOfNames', 'groupOfUniqueNames'];
$filterParts = [];
@@ -451,7 +447,7 @@ class Wizard extends LDAPUtility {
// detection will fail later
$result = $this->access->searchGroups($filter, ['cn', 'dn'], $limit, $offset);
foreach ($result as $item) {
- if (!isset($item['cn']) && !is_array($item['cn']) && !isset($item['cn'][0])) {
+ if (!isset($item['cn']) || !is_array($item['cn']) || !isset($item['cn'][0])) {
// just in case - no issue known
continue;
}
@@ -476,12 +472,15 @@ class Wizard extends LDAPUtility {
return $groupEntries;
}
+ /**
+ * @return WizardResult|false
+ */
public function determineGroupMemberAssoc() {
if (!$this->checkRequirements(['ldapHost',
'ldapPort',
'ldapGroupFilter',
])) {
- return false;
+ return false;
}
$attribute = $this->detectGroupMemberAssoc();
if ($attribute === false) {
@@ -522,7 +521,7 @@ class Wizard extends LDAPUtility {
/**
* detects the available object classes
- * @return WizardResult
+ * @return WizardResult|false
* @throws \Exception
*/
public function determineUserObjectClasses() {
@@ -530,7 +529,7 @@ class Wizard extends LDAPUtility {
'ldapPort',
'ldapBase',
])) {
- return false;
+ return false;
}
$cr = $this->getConnection();
if (!$cr) {
@@ -602,7 +601,7 @@ class Wizard extends LDAPUtility {
}
/**
- * @return bool|WizardResult
+ * @return WizardResult|false
* @throws \Exception
*/
public function getUserLoginFilter() {
@@ -624,11 +623,10 @@ class Wizard extends LDAPUtility {
}
/**
- * @return bool|WizardResult
- * @param string $loginName
+ * @return WizardResult|false
* @throws \Exception
*/
- public function testLoginName($loginName) {
+ public function testLoginName(string $loginName) {
if (!$this->checkRequirements(['ldapHost',
'ldapPort',
'ldapBase',
@@ -641,6 +639,7 @@ class Wizard extends LDAPUtility {
if (!$this->ldap->isResource($cr)) {
throw new \Exception('connection error');
}
+ /** @var resource|\LDAP\Connection $cr */
if (mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
=== false) {
@@ -670,10 +669,6 @@ class Wizard extends LDAPUtility {
$this->checkHost();
$portSettings = $this->getPortSettingsToTry();
- if (!is_array($portSettings)) {
- throw new \Exception(print_r($portSettings, true));
- }
-
//proceed from the best configuration and return on first success
foreach ($portSettings as $setting) {
$p = $setting['port'];
@@ -742,7 +737,7 @@ class Wizard extends LDAPUtility {
//this did not help :(
//Let's see whether we can parse the Host URL and convert the domain to
//a base DN
- $helper = new Helper(\OC::$server->getConfig(), \OC::$server->getDatabaseConnection());
+ $helper = \OC::$server->get(Helper::class);
$domain = $helper->getDomainFromURL($this->configuration->ldapHost);
if (!$domain) {
return false;
@@ -768,7 +763,7 @@ class Wizard extends LDAPUtility {
* @param string $value the (detected) value
*
*/
- private function applyFind($key, $value) {
+ private function applyFind(string $key, string $value): void {
$this->result->addChange($key, $value);
$this->configuration->setConfiguration([$key => $value]);
}
@@ -778,7 +773,7 @@ class Wizard extends LDAPUtility {
* field. In this case the port will be stripped off, but also stored as
* setting.
*/
- private function checkHost() {
+ private function checkHost(): void {
$host = $this->configuration->ldapHost;
$hostInfo = parse_url($host);
@@ -787,14 +782,14 @@ class Wizard extends LDAPUtility {
$port = $hostInfo['port'];
$host = str_replace(':'.$port, '', $host);
$this->applyFind('ldap_host', $host);
- $this->applyFind('ldap_port', $port);
+ $this->applyFind('ldap_port', (string)$port);
}
}
/**
* tries to detect the group member association attribute which is
* one of 'uniqueMember', 'memberUid', 'member', 'gidNumber'
- * @return string|false, string with the attribute name, false on error
+ * @return string|false string with the attribute name, false on error
* @throws \Exception
*/
private function detectGroupMemberAssoc() {
@@ -812,6 +807,7 @@ class Wizard extends LDAPUtility {
if (!$this->ldap->isResource($rr)) {
return false;
}
+ /** @var resource|\LDAP\Result $rr */
$er = $this->ldap->firstEntry($cr, $rr);
while ($this->ldap->isResource($er)) {
$this->ldap->getDN($cr, $er);
@@ -840,7 +836,7 @@ class Wizard extends LDAPUtility {
* @return bool true on success, false otherwise
* @throws \Exception
*/
- private function testBaseDN($base) {
+ private function testBaseDN(string $base): bool {
$cr = $this->getConnection();
if (!$cr) {
throw new \Exception('Could not connect to LDAP');
@@ -858,6 +854,7 @@ class Wizard extends LDAPUtility {
);
return false;
}
+ /** @var resource|\LDAP\Result $rr */
$entries = $this->ldap->countEntries($cr, $rr);
return ($entries !== false) && ($entries > 0);
}
@@ -871,7 +868,7 @@ class Wizard extends LDAPUtility {
* @return bool true if it does, false otherwise
* @throws \Exception
*/
- private function testMemberOf() {
+ private function testMemberOf(): bool {
$cr = $this->getConnection();
if (!$cr) {
throw new \Exception('Could not connect to LDAP');
@@ -885,13 +882,12 @@ class Wizard extends LDAPUtility {
/**
* creates an LDAP Filter from given configuration
- * @param integer $filterType int, for which use case the filter shall be created
+ * @param int $filterType int, for which use case the filter shall be created
* can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or
* self::LFILTER_GROUP_LIST
- * @return string|false string with the filter on success, false otherwise
* @throws \Exception
*/
- private function composeLdapFilter($filterType) {
+ private function composeLdapFilter(int $filterType): string {
$filter = '';
$parts = 0;
switch ($filterType) {
@@ -921,6 +917,7 @@ class Wizard extends LDAPUtility {
if (!$this->ldap->isResource($rr)) {
continue;
}
+ /** @var resource|\LDAP\Result $rr */
$er = $this->ldap->firstEntry($cr, $rr);
$attrs = $this->ldap->getAttributes($cr, $er);
$dn = $this->ldap->getDN($cr, $er);
@@ -980,6 +977,9 @@ class Wizard extends LDAPUtility {
$loginpart = '=%uid';
$filterUsername = '';
$userAttributes = $this->getUserAttributes();
+ if ($userAttributes === false) {
+ throw new \Exception('Failed to get user attributes');
+ }
$userAttributes = array_change_key_case(array_flip($userAttributes));
$parts = 0;
@@ -1044,24 +1044,24 @@ class Wizard extends LDAPUtility {
*
* @param int $port the port to connect with
* @param bool $tls whether startTLS is to be used
- * @return bool
* @throws \Exception
*/
- private function connectAndBind($port, $tls) {
+ private function connectAndBind(int $port, bool $tls): bool {
//connect, does not really trigger any server communication
$host = $this->configuration->ldapHost;
- $hostInfo = parse_url($host);
- if (!$hostInfo) {
+ $hostInfo = parse_url((string)$host);
+ if (!is_string($host) || !$hostInfo) {
throw new \Exception(self::$l->t('Invalid Host'));
}
$this->logger->debug(
'Wiz: Attempting to connect',
['app' => 'user_ldap']
);
- $cr = $this->ldap->connect($host, $port);
+ $cr = $this->ldap->connect($host, (string)$port);
if (!$this->ldap->isResource($cr)) {
throw new \Exception(self::$l->t('Invalid Host'));
}
+ /** @var resource|\LDAP\Connection $cr */
//set LDAP options
$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
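Review bot: In `connectAndBind()` the `(string)$host` cast runs before the `is_string($host)` guard, so a non-string `ldapHost` is converted and parsed before it is rejected, with an "Array to string conversion" warning if it is an array. Test the type first and parse only a real string: `if (!is_string($host) || !parse_url($host)) {`. `$hostInfo` is not read in the visible lines, so if nothing later uses it the variable can be dropped. The method body continues beyond the hunk.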
@@ -1086,7 +1086,7 @@ class Wizard extends LDAPUtility {
$this->configuration->ldapAgentPassword
);
$errNo = $this->ldap->errno($cr);
- $error = ldap_error($cr);
+ $error = $this->ldap->error($cr);
$this->ldap->unbind($cr);
} catch (ServerNotAvailableException $e) {
return false;
@@ -1110,9 +1110,9 @@ class Wizard extends LDAPUtility {
/**
* checks whether a valid combination of agent and password has been
* provided (either two values or nothing for anonymous connect)
- * @return bool, true if everything is fine, false otherwise
+ * @return bool true if everything is fine, false otherwise
*/
- private function checkAgentRequirements() {
+ private function checkAgentRequirements(): bool {
$agent = $this->configuration->ldapAgentName;
$pwd = $this->configuration->ldapAgentPassword;
@@ -1122,11 +1122,7 @@ class Wizard extends LDAPUtility {
;
}
- /**
- * @param array $reqs
- * @return bool
- */
- private function checkRequirements($reqs) {
+ private function checkRequirements(array $reqs): bool {
$this->checkAgentRequirements();
foreach ($reqs as $option) {
$value = $this->configuration->$option;
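Review bot: `checkRequirements()` calls `$this->checkAgentRequirements()` and discards the result, which the new `: bool` return types make easy to see. As far as the visible lines show, an agent name configured without a password therefore does not stop the wizard at this point. Many LDAP servers treat a bind with a DN and an empty password as an unauthenticated bind that succeeds, so detection could run with different privileges than the admin expects. If the check is meant to gate, use `if (!$this->checkAgentRequirements()) { return false; }`; if it is deliberately advisory, say so in a comment. The body of `checkAgentRequirements()` is only partly visible and `checkRequirements()` continues past the hunk.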
@@ -1148,7 +1144,7 @@ class Wizard extends LDAPUtility {
* yields most result entries
* @return array|false an array with the values on success, false otherwise
*/
- public function cumulativeSearchOnAttribute($filters, $attr, $dnReadLimit = 3, &$maxF = null) {
+ public function cumulativeSearchOnAttribute(array $filters, string $attr, int $dnReadLimit = 3, ?string &$maxF = null) {
$dnRead = [];
$foundItems = [];
$maxEntries = 0;
@@ -1161,6 +1157,7 @@ class Wizard extends LDAPUtility {
if (!$this->ldap->isResource($cr)) {
return false;
}
+ /** @var resource|\LDAP\Connection $cr */
$lastFilter = null;
if (isset($filters[count($filters) - 1])) {
$lastFilter = $filters[count($filters) - 1];
@@ -1175,6 +1172,7 @@ class Wizard extends LDAPUtility {
if (!$this->ldap->isResource($rr)) {
continue;
}
+ /** @var resource|\LDAP\Result $rr */
$entries = $this->ldap->countEntries($cr, $rr);
$getEntryFunc = 'firstEntry';
if (($entries !== false) && ($entries > 0)) {
@@ -1192,16 +1190,17 @@ class Wizard extends LDAPUtility {
$rr = $entry; //will be expected by nextEntry next round
$attributes = $this->ldap->getAttributes($cr, $entry);
$dn = $this->ldap->getDN($cr, $entry);
- if ($dn === false || in_array($dn, $dnRead)) {
+ if ($attributes === false || $dn === false || in_array($dn, $dnRead)) {
continue;
}
$newItems = [];
- $state = $this->getAttributeValuesFromEntry($attributes,
+ $state = $this->getAttributeValuesFromEntry(
+ $attributes,
$attr,
- $newItems);
+ $newItems
+ );
$dnReadCount++;
$foundItems = array_merge($foundItems, $newItems);
- $this->resultCache[$dn][$attr] = $newItems;
$dnRead[] = $dn;
} while (($state === self::LRESULT_PROCESSED_SKIP
|| $this->ldap->isResource($entry))
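Review bot: The widened guard `if ($attributes === false || $dn === false || in_array($dn, $dnRead)) { continue; }` jumps to the `while` condition before `$state` is assigned for this iteration. The condition then tests a `$state` left over from the previous pass, or an unset one on the first pass unless it is initialised above the hunk. A stale `LRESULT_PROCESSED_SKIP` can keep the loop running on an entry that is no longer a resource. Set the state explicitly before skipping, e.g. `$state = self::LRESULT_PROCESSED_INVALID;` ahead of the `continue`, and pass `true` as the third argument of `in_array()` while touching the line. The `do` header and the rest of the loop condition are outside the hunk.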
@@ -1221,10 +1220,10 @@ class Wizard extends LDAPUtility {
* Configuration class
* @param bool $po whether the objectClass with most result entries
* shall be pre-selected via the result
- * @return array|false list of found items.
+ * @return array list of found items.
* @throws \Exception
*/
- private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
+ private function determineFeature(array $objectclasses, string $attr, string $dbkey, string $confkey, bool $po = false): array {
$cr = $this->getConnection();
if (!$cr) {
throw new \Exception('Could not connect to LDAP');
@@ -1271,12 +1270,11 @@ class Wizard extends LDAPUtility {
* @param array $result the return value from ldap_get_attributes
* @param string $attribute the attribute values to look for
* @param array &$known new values will be appended here
- * @return int, state on of the class constants LRESULT_PROCESSED_OK,
+ * @return int state on of the class constants LRESULT_PROCESSED_OK,
* LRESULT_PROCESSED_INVALID or LRESULT_PROCESSED_SKIP
*/
- private function getAttributeValuesFromEntry($result, $attribute, &$known) {
- if (!is_array($result)
- || !isset($result['count'])
+ private function getAttributeValuesFromEntry(array $result, string $attribute, array &$known): int {
+ if (!isset($result['count'])
|| !$result['count'] > 0) {
return self::LRESULT_PROCESSED_INVALID;
}
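Review bot: The guard `!$result['count'] > 0` parses as `(!$result['count']) > 0` because `!` binds tighter than `>`. It gives the intended answer for non-negative counts only through PHP's loose bool comparison. Since the condition is already being edited to drop the `is_array` test, write it as `|| $result['count'] < 1) {`. The rest of `getAttributeValuesFromEntry()` lies outside the hunk.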
@@ -1300,7 +1298,7 @@ class Wizard extends LDAPUtility {
}
/**
- * @return bool|mixed
+ * @return resource|\LDAP\Connection|false a link resource on success, otherwise false
*/
private function getConnection() {
if (!is_null($this->cr)) {
@@ -1312,6 +1310,10 @@ class Wizard extends LDAPUtility {
$this->configuration->ldapPort
);
+ if ($cr === false) {
+ return false;
+ }
+
$this->ldap->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
$this->ldap->setOption($cr, LDAP_OPT_REFERRALS, 0);
$this->ldap->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
@@ -1330,10 +1332,7 @@ class Wizard extends LDAPUtility {
return false;
}
- /**
- * @return array
- */
- private function getDefaultLdapPortSettings() {
+ private function getDefaultLdapPortSettings(): array {
static $settings = [
['port' => 7636, 'tls' => false],
['port' => 636, 'tls' => false],
@@ -1345,10 +1344,7 @@ class Wizard extends LDAPUtility {
return $settings;
}
- /**
- * @return array
- */
- private function getPortSettingsToTry() {
+ private function getPortSettingsToTry(): array {
//389 ← LDAP / Unencrypted or StartTLS
//636 ← LDAPS / SSL
//7xxx ← UCS. need to be checked first, because both ports may be open