diff options
Diffstat (limited to 'apps/user_ldap/lib')
-rw-r--r-- | apps/user_ldap/lib/Access.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/Connection.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/lib/Group_LDAP.php | 8 | ||||
-rw-r--r-- | apps/user_ldap/lib/Group_Proxy.php | 9 | ||||
-rw-r--r-- | apps/user_ldap/lib/Mapping/AbstractMapping.php | 19 | ||||
-rw-r--r-- | apps/user_ldap/lib/Migration/UUIDFix.php | 60 | ||||
-rw-r--r-- | apps/user_ldap/lib/Migration/UUIDFixGroup.php | 37 | ||||
-rw-r--r-- | apps/user_ldap/lib/Migration/UUIDFixInsert.php | 101 | ||||
-rw-r--r-- | apps/user_ldap/lib/Migration/UUIDFixUser.php | 37 | ||||
-rw-r--r-- | apps/user_ldap/lib/Proxy.php | 6 |
10 files changed, 280 insertions, 1 deletions
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 9e93ef2ecaa..cc0446ae523 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -1473,7 +1473,7 @@ class Access extends LDAPUtility implements IUserTools { return true; } - if ($uuidOverride !== '' && !$force) { + if (is_string($uuidOverride) && trim($uuidOverride) !== '' && !$force) { $this->connection->$uuidAttr = $uuidOverride; return true; } diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php index becd39205bc..04f8c7401e2 100644 --- a/apps/user_ldap/lib/Connection.php +++ b/apps/user_ldap/lib/Connection.php @@ -47,6 +47,8 @@ use OC\ServerNotAvailableException; * @property string[] ldapBaseUsers * @property int|string ldapPagingSize holds an integer * @property bool|mixed|void ldapGroupMemberAssocAttr + * @property string ldapUuidUserAttribute + * @property string ldapUuidGroupAttribute */ class Connection extends LDAPUtility { private $ldapConnectionRes = null; diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php index 49e5e724833..d620a00f849 100644 --- a/apps/user_ldap/lib/Group_LDAP.php +++ b/apps/user_ldap/lib/Group_LDAP.php @@ -902,4 +902,12 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface { public function implementsActions($actions) { return (bool)(\OC\Group\Backend::COUNT_USERS & $actions); } + + /** + * Return access for LDAP interaction. + * @return Access instance of Access for LDAP interaction + */ + public function getLDAPAccess() { + return $this->access; + } } diff --git a/apps/user_ldap/lib/Group_Proxy.php b/apps/user_ldap/lib/Group_Proxy.php index 64b85427f8f..c102e7ac626 100644 --- a/apps/user_ldap/lib/Group_Proxy.php +++ b/apps/user_ldap/lib/Group_Proxy.php @@ -196,4 +196,13 @@ class Group_Proxy extends Proxy implements \OCP\GroupInterface { //it's the same across all our user backends obviously return $this->refBackend->implementsActions($actions); } + + /** + * Return access for LDAP interaction. + * @param string $gid + * @return Access instance of Access for LDAP interaction + */ + public function getLDAPAccess($gid) { + return $this->handleRequest($gid, 'getLDAPAccess', []); + } } diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php index 6fb4a5436c3..755cfadbccd 100644 --- a/apps/user_ldap/lib/Mapping/AbstractMapping.php +++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php @@ -129,6 +129,25 @@ abstract class AbstractMapping { } /** + * Updates the UUID based on the given DN + * + * required by Migration/UUIDFix + * + * @param $uuid + * @param $fdn + * @return bool + */ + public function setUUIDbyDN($uuid, $fdn) { + $query = $this->dbc->prepare(' + UPDATE `' . $this->getTableName() . '` + SET `directory_uuid` = ? + WHERE `ldap_dn` = ? + '); + + return $this->modify($query, [$uuid, $fdn]); + } + + /** * Gets the name based on the provided LDAP DN. * @param string $fdn * @return string|false diff --git a/apps/user_ldap/lib/Migration/UUIDFix.php b/apps/user_ldap/lib/Migration/UUIDFix.php new file mode 100644 index 00000000000..5b9e5e2231d --- /dev/null +++ b/apps/user_ldap/lib/Migration/UUIDFix.php @@ -0,0 +1,60 @@ +<?php +/** + * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @author Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\User_LDAP\Migration; + + +use OC\BackgroundJob\QueuedJob; +use OCA\User_LDAP\Mapping\AbstractMapping; +use OCA\User_LDAP\Proxy; +use OCA\User_LDAP\User_Proxy; + +abstract class UUIDFix extends QueuedJob { + /** @var AbstractMapping */ + protected $mapper; + + /** @var Proxy */ + protected $proxy; + + public function run($argument) { + $isUser = $this->proxy instanceof User_Proxy; + foreach($argument['records'] as $record) { + $access = $this->proxy->getLDAPAccess($record['name']); + $uuid = $access->getUUID($record['dn'], $isUser); + if($uuid === false) { + // record not found, no prob, continue with the next + continue; + } + if($uuid !== $record['uuid']) { + $this->mapper->setUUIDbyDN($uuid, $record['dn']); + } + } + } + + /** + * @param Proxy $proxy + */ + public function overrideProxy(Proxy $proxy) { + $this->proxy = $proxy; + } +} diff --git a/apps/user_ldap/lib/Migration/UUIDFixGroup.php b/apps/user_ldap/lib/Migration/UUIDFixGroup.php new file mode 100644 index 00000000000..cbc38366984 --- /dev/null +++ b/apps/user_ldap/lib/Migration/UUIDFixGroup.php @@ -0,0 +1,37 @@ +<?php +/** + * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @author Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\User_LDAP\Migration; + +use OCA\User_LDAP\Helper; +use OCA\User_LDAP\LDAP; +use OCA\User_LDAP\Mapping\GroupMapping; +use OCA\User_LDAP\User_Proxy; +use OCP\IConfig; + +class UUIDFixGroup extends UUIDFix { + public function __construct(GroupMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) { + $this->mapper = $mapper; + $this->proxy = new User_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config); + } +} diff --git a/apps/user_ldap/lib/Migration/UUIDFixInsert.php b/apps/user_ldap/lib/Migration/UUIDFixInsert.php new file mode 100644 index 00000000000..4a1104f2c6f --- /dev/null +++ b/apps/user_ldap/lib/Migration/UUIDFixInsert.php @@ -0,0 +1,101 @@ +<?php +/** + * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @author Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\User_LDAP\Migration; + +use OCA\User_LDAP\Mapping\GroupMapping; +use OCA\User_LDAP\Mapping\UserMapping; +use OCP\BackgroundJob\IJobList; +use OCP\IConfig; +use OCP\Migration\IOutput; +use OCP\Migration\IRepairStep; + +class UUIDFixInsert implements IRepairStep { + + /** @var IConfig */ + protected $config; + + /** @var UserMapping */ + protected $userMapper; + + /** @var GroupMapping */ + protected $groupMapper; + + /** @var IJobList */ + protected $jobList; + + public function __construct(IConfig $config, UserMapping $userMapper, GroupMapping $groupMapper, IJobList $jobList) { + $this->config = $config; + $this->userMapper = $userMapper; + $this->groupMapper = $groupMapper; + $this->jobList = $jobList; + } + + /** + * Returns the step's name + * + * @return string + * @since 9.1.0 + */ + public function getName() { + return 'Insert UUIDFix background job for user and group in batches'; + } + + /** + * Run repair step. + * Must throw exception on error. + * + * @param IOutput $output + * @throws \Exception in case of failure + * @since 9.1.0 + */ + public function run(IOutput $output) { + $installedVersion = $this->config->getAppValue('user_ldap', 'installed_version', '1.2.1'); + if(version_compare($installedVersion, '1.2.1') !== -1) { + return; + } + + foreach ([$this->userMapper, $this->groupMapper] as $mapper) { + $offset = 0; + $batchSize = 50; + $jobClass = $mapper instanceof UserMapping ? UUIDFixUser::class : UUIDFixGroup::class; + do { + $retry = false; + $records = $mapper->getList($offset, $batchSize); + if(count($records) === 0){ + continue; + } + try { + $this->jobList->add($jobClass, ['records' => $records]); + $offset += $batchSize; + } catch (\InvalidArgumentException $e) { + if(strpos($e->getMessage(), 'Background job arguments can\'t exceed 4000') !== false) { + $batchSize = intval(floor(count($records) * 0.8)); + $retry = true; + } + } + } while (count($records) === $batchSize || $retry); + } + + } +} diff --git a/apps/user_ldap/lib/Migration/UUIDFixUser.php b/apps/user_ldap/lib/Migration/UUIDFixUser.php new file mode 100644 index 00000000000..ee1457dcccb --- /dev/null +++ b/apps/user_ldap/lib/Migration/UUIDFixUser.php @@ -0,0 +1,37 @@ +<?php +/** + * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @author Arthur Schiwon <blizzz@arthur-schiwon.de> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\User_LDAP\Migration; + +use OCA\User_LDAP\Helper; +use OCA\User_LDAP\LDAP; +use OCA\User_LDAP\Mapping\UserMapping; +use OCA\User_LDAP\Group_Proxy; +use OCP\IConfig; + +class UUIDFixUser extends UUIDFix { + public function __construct(UserMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) { + $this->mapper = $mapper; + $this->proxy = new Group_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config); + } +} diff --git a/apps/user_ldap/lib/Proxy.php b/apps/user_ldap/lib/Proxy.php index 6b896e0b13d..7f998314e20 100644 --- a/apps/user_ldap/lib/Proxy.php +++ b/apps/user_ldap/lib/Proxy.php @@ -128,6 +128,12 @@ abstract class Proxy { abstract protected function walkBackends($id, $method, $parameters); /** + * @param string $id + * @return Access + */ + abstract public function getLDAPAccess($id); + + /** * Takes care of the request to the User backend * @param string $id * @param string $method string, the method of the user backend that shall be called |