Diffstat (limited to 'apps/user_ldap')
-rw-r--r-- | apps/user_ldap/lib/access.php | 60 | ||||
-rw-r--r-- | apps/user_ldap/lib/configuration.php | 5 | ||||
-rw-r--r-- | apps/user_ldap/lib/connection.php | 11 | ||||
-rw-r--r-- | apps/user_ldap/lib/ildapwrapper.php | 18 | ||||
-rw-r--r-- | apps/user_ldap/lib/ldap.php | 9 | ||||
-rw-r--r-- | apps/user_ldap/lib/proxy.php | 19 | ||||
-rw-r--r-- | apps/user_ldap/lib/wizard.php | 25 | ||||
-rw-r--r-- | apps/user_ldap/templates/part.wizard-groupfilter.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/templates/part.wizard-loginfilter.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/templates/part.wizard-userfilter.php | 2 | ||||
-rw-r--r-- | apps/user_ldap/user_ldap.php | 12 |
11 files changed, 122 insertions, 43 deletions
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index b619f62f296..b7e4023dd73 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -107,8 +107,8 @@ class Access extends LDAPUtility { /** * @brief checks wether the given attribute`s valua is probably a DN - * @param $attr the attribute in question - * @return if so true, otherwise false + * @param string $attr the attribute in question + * @return boolean if so true, otherwise false */ private function resemblesDN($attr) { $resemblingAttributes = array( @@ -164,6 +164,7 @@ class Access extends LDAPUtility { /** * gives back the database table for the query + * @param boolean $isUser */ private function getMapTable($isUser) { if($isUser) { @@ -175,7 +176,7 @@ class Access extends LDAPUtility { /** * @brief returns the LDAP DN for the given internal ownCloud name of the group - * @param $name the ownCloud name in question + * @param string $name the ownCloud name in question * @returns string with the LDAP DN on success, otherwise false * * returns the LDAP DN for the given internal ownCloud name of the group @@ -211,7 +212,7 @@ class Access extends LDAPUtility { /** * @brief returns the LDAP DN for the given internal ownCloud name * @param $name the ownCloud name in question - * @param $isUser is it a user? otherwise group + * @param boolean $isUser is it a user? otherwise group * @returns string with the LDAP DN on success, otherwise false * * returns the LDAP DN for the given internal ownCloud name @@ -417,6 +418,9 @@ class Access extends LDAPUtility { } + /** + * @param boolean $isUsers + */ private function ldap2ownCloudNames($ldapObjects, $isUsers) { if($isUsers) { $nameAttribute = $this->connection->ldapUserDisplayName; 
@@ -509,7 +513,7 @@ class Access extends LDAPUtility { /** * @brief creates a unique name for internal ownCloud use. * @param $name the display name of the object - * @param $isUser boolean, whether name should be created for a user (true) or a group (false) + * @param boolean $isUser whether name should be created for a user (true) or a group (false) * @returns string with with the name to use in ownCloud or false if unsuccessful */ private function createAltInternalOwnCloudName($name, $isUser) { @@ -545,6 +549,9 @@ class Access extends LDAPUtility { return $this->mappedComponents(true); } + /** + * @param boolean $isUsers + */ private function mappedComponents($isUsers) { $table = $this->getMapTable($isUsers); @@ -601,14 +608,26 @@ class Access extends LDAPUtility { return true; } + /** + * @param integer $limit + * @param integer $offset + */ public function fetchListOfUsers($filter, $attr, $limit = null, $offset = null) { return $this->fetchList($this->searchUsers($filter, $attr, $limit, $offset), (count($attr) > 1)); } + /** + * @param string $filter + * @param integer $limit + * @param integer $offset + */ public function fetchListOfGroups($filter, $attr, $limit = null, $offset = null) { return $this->fetchList($this->searchGroups($filter, $attr, $limit, $offset), (count($attr) > 1)); } + /** + * @param boolean $manyAttributes + */ private function fetchList($list, $manyAttributes) { if(is_array($list)) { if($manyAttributes) { @@ -626,6 +645,8 @@ class Access extends LDAPUtility { * @brief executes an LDAP search, optimized for Users * @param $filter the LDAP filter for the search * @param $attr optional, when a certain attribute shall be filtered out + * @param integer $limit + * @param integer $offset * @returns array with the search result * * Executes an LDAP search 
@@ -634,14 +655,19 @@ class Access extends LDAPUtility { return $this->search($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset); } + /** + * @param string $filter + */ public function countUsers($filter, $attr = array('dn'), $limit = null, $offset = null) { return $this->count($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset); } /** * @brief executes an LDAP search, optimized for Groups - * @param $filter the LDAP filter for the search + * @param string $filter the LDAP filter for the search * @param $attr optional, when a certain attribute shall be filtered out + * @param integer $limit + * @param integer $offset * @returns array with the search result * * Executes an LDAP search @@ -702,7 +728,7 @@ class Access extends LDAPUtility { * @param $limit maximum results to be counted * @param $offset a starting point * @param $pagedSearchOK whether a paged search has been executed - * @param $skipHandling required for paged search when cookies to + * @param boolean $skipHandling required for paged search when cookies to * prior results need to be gained * @returns array with the search result as first value and pagedSearchOK as * second | false if not successful @@ -736,7 +762,7 @@ class Access extends LDAPUtility { /** * @brief executes an LDAP search, but counts the results only - * @param $filter the LDAP filter for the search + * @param string $filter the LDAP filter for the search * @param $base an array containing the LDAP subtree(s) that shall be searched * @param $attr optional, array, one or more attributes that shall be * retrieved. Results will according to the order in the array. 
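Review bot: `countUsers()` passes `$this->connection->ldapBaseGroups` to `count()`, while the user search whose return statement opens this hunk uses `ldapBaseUsers`. This looks like a copy-paste slip that makes user counts run against the group base DNs. The commit only adds a docblock above the method, so the line itself is untouched, but it is worth correcting in the same pass: `return $this->count($filter, $this->connection->ldapBaseUsers, $attr, $limit, $offset);`. The new docblock also documents only `$filter`; `$attr`, `$limit` and `$offset` could be described the way the neighbouring search docblocks do.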
@@ -896,6 +922,17 @@ class Access extends LDAPUtility { } /** + * @brief escapes (user provided) parts for LDAP filter + * @param String $input, the provided value + * @returns the escaped string + */ + public function escapeFilterPart($input) { + $search = array('*', '\\', '(', ')'); + $replace = array('\\*', '\\\\', '\\(', '\\)'); + return str_replace($search, $replace, $input); + } + + /** * @brief combines the input filters with AND * @param $filters array, the filters to connect * @returns the combined filter @@ -920,7 +957,7 @@ class Access extends LDAPUtility { /** * @brief combines the input filters with given operator * @param $filters array, the filters to connect - * @param $operator either & or | + * @param string $operator either & or | * @returns the combined filter * * Combines Filter arguments with AND @@ -985,6 +1022,9 @@ class Access extends LDAPUtility { return $this->combineFilterWithOr($filter); } + /** + * @param string $password + */ public function areCredentialsValid($name, $password) { $name = $this->DNasBaseParameter($name); $testConnection = clone $this->connection; @@ -1173,7 +1213,7 @@ class Access extends LDAPUtility { /** * @brief check wether the most recent paged search was successful. It flushed the state var. Use it always after a possible paged search. - * @return true on success, null or false otherwise + * @return boolean|null true on success, null or false otherwise */ public function getPagedSearchResultState() { $result = $this->pagedSearchedSuccessful; diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php index 93f044e3152..954d0501fad 100644 --- a/apps/user_ldap/lib/configuration.php +++ b/apps/user_ldap/lib/configuration.php @@ -78,6 +78,9 @@ class Configuration { 'lastJpegPhotoLookup' => null, ); + /** + * @param string $configPrefix + */ public function __construct($configPrefix, $autoread = true) { $this->configPrefix = $configPrefix; if($autoread) { 
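Review bot: In `escapeFilterPart()` the backslash is replaced after the asterisk, and `str_replace()` with arrays applies each pair in order to the already-modified string, so a `*` in the input becomes `\*` and then `\\*`. Depending on how the LDAP library unescapes the value, that may be read as an escaped backslash followed by an unescaped wildcard, which is the case the escaping is meant to rule out. Putting the backslash first and using the RFC 4515 hex forms avoids this and also covers NUL: `$search = array('\\', '*', '(', ')', "\x00");` with `$replace = array('\\5c', '\\2a', '\\28', '\\29', '\\00');`. Where the PHP version provides it, `ldap_escape($input, '', LDAP_ESCAPE_FILTER)` does the same job. The docblock's `@param String $input,` and `@returns` also differ from the `@param string` / `@return` form this commit uses elsewhere.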
@@ -106,7 +109,7 @@ class Configuration { * @param $config array that holds the config parameters in an associated * array * @param &$applied optional; array where the set fields will be given to - * @return null + * @return false|null */ public function setConfiguration($config, &$applied = null) { if(!is_array($config)) { diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index 7fbabda7106..b2075748a3b 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php @@ -140,6 +140,9 @@ class Connection extends LDAPUtility { return $prefix.md5($key); } + /** + * @param string $key + */ public function getFromCache($key) { if(!$this->configured) { $this->readConfiguration(); @@ -156,6 +159,9 @@ class Connection extends LDAPUtility { return unserialize(base64_decode($this->cache->get($key))); } + /** + * @param string $key + */ public function isCached($key) { if(!$this->configured) { $this->readConfiguration(); @@ -167,6 +173,9 @@ class Connection extends LDAPUtility { return $this->cache->hasKey($key); } + /** + * @param string $key + */ public function writeToCache($key, $value) { if(!$this->configured) { $this->readConfiguration(); @@ -201,7 +210,7 @@ class Connection extends LDAPUtility { * @brief set LDAP configuration with values delivered by an array, not read from configuration * @param $config array that holds the config parameters in an associated array * @param &$setParameters optional; array where the set fields will be given to - * @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters + * @return boolean true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters */ public function setConfiguration($config, &$setParameters = null) { if(is_null($setParameters)) { diff --git a/apps/user_ldap/lib/ildapwrapper.php b/apps/user_ldap/lib/ildapwrapper.php index e60cf5ec63f..017d5549690 100644 
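Review bot: `Connection::getFromCache()` ends in `return unserialize(base64_decode($this->cache->get($key)));`, shown as context at the top of the `-156,6 +159,9` hunk, and the docblocks added around it say nothing about that trust assumption. If the cache backend can be written by anything less trusted than this code (not visible from this page), calling `unserialize()` on its contents allows PHP object injection. A data-only format such as `json_encode()` / `json_decode($v, true)` would be safer, provided the cached values are plain arrays and scalars. The same statement appears in `getFromCache()` in proxy.php. The new `@param string $key` blocks would also benefit from an `@return` line, for example `@return mixed the unserialized cached value`.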
--- a/apps/user_ldap/lib/ildapwrapper.php +++ b/apps/user_ldap/lib/ildapwrapper.php @@ -29,7 +29,7 @@ interface ILDAPWrapper { /** * @brief Bind to LDAP directory - * @param $link LDAP link resource + * @param resource $link LDAP link resource * @param $dn an RDN to log in with * @param $password the password * @return true on success, false otherwise @@ -50,7 +50,7 @@ interface ILDAPWrapper { * @brief Send LDAP pagination control * @param $link LDAP link resource * @param $pagesize number of results per page - * @param $isCritical Indicates whether the pagination is critical of not. + * @param boolean $isCritical Indicates whether the pagination is critical of not. * @param $cookie structure sent by LDAP server * @return true on success, false otherwise */ @@ -61,7 +61,7 @@ interface ILDAPWrapper { * @param $link LDAP link resource * @param $result LDAP result resource * @param $cookie structure sent by LDAP server - * @return true on success, false otherwise + * @return boolean on success, false otherwise * * Corresponds to ldap_control_paged_result_response */ @@ -124,7 +124,7 @@ interface ILDAPWrapper { /** * @brief Return next result id * @param $link LDAP link resource - * @param $result LDAP entry result resource + * @param resource $result LDAP entry result resource * @return an LDAP search result resource * */ public function nextEntry($link, $result); @@ -155,7 +155,7 @@ interface ILDAPWrapper { * @brief Sets the value of the specified option to be $value * @param $link LDAP link resource * @param $option a defined LDAP Server option - * @param $value the new value for the option + * @param integer $value the new value for the option * @return true on success, false otherwise */ public function setOption($link, $option, $value); 
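Review bot: The `-61,7 +61,7` hunk replaces the word `true` with the type instead of adding the type in front of it, leaving `@return boolean on success, false otherwise`, which no longer says what is returned on success. It should read `@return boolean true on success, false otherwise`. The same applies to `@return boolean if it the case, false otherwise` on `areLDAPFunctionsAvailable()` and `hasPagedResultSupport()`, and to `@return boolean if it is a resource, false otherwise` on `isResource()`, both in this interface and in ldap.php. Separately, `@param integer $value` on `setOption()` is narrower than what `ldap_set_option()` accepts (string, array and boolean values as well); `mixed` would be accurate.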
@@ -177,7 +177,7 @@ interface ILDAPWrapper { /** * @brief Unbind from LDAP directory - * @param $link LDAP link resource + * @param resource $link LDAP link resource * @return true on success, false otherwise */ public function unbind($link); @@ -186,20 +186,20 @@ interface ILDAPWrapper { /** * @brief Checks whether the server supports LDAP - * @return true if it the case, false otherwise + * @return boolean if it the case, false otherwise * */ public function areLDAPFunctionsAvailable(); /** * @brief Checks whether PHP supports LDAP Paged Results - * @return true if it the case, false otherwise + * @return boolean if it the case, false otherwise * */ public function hasPagedResultSupport(); /** * @brief Checks whether the submitted parameter is a resource * @param $resource the resource variable to check - * @return true if it is a resource, false otherwise + * @return boolean if it is a resource, false otherwise */ public function isResource($resource); diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php index a99c6480121..de9b7481c19 100644 --- a/apps/user_ldap/lib/ldap.php +++ b/apps/user_ldap/lib/ldap.php @@ -108,7 +108,7 @@ class LDAP implements ILDAPWrapper { /** * @brief Checks whether the server supports LDAP - * @return true if it the case, false otherwise + * @return boolean if it the case, false otherwise * */ public function areLDAPFunctionsAvailable() { return function_exists('ldap_connect'); @@ -116,7 +116,7 @@ class LDAP implements ILDAPWrapper { /** * @brief Checks whether PHP supports LDAP Paged Results - * @return true if it the case, false otherwise + * @return boolean if it the case, false otherwise * */ public function hasPagedResultSupport() { $hasSupport = function_exists('ldap_control_paged_result') 
@@ -127,7 +127,7 @@ class LDAP implements ILDAPWrapper { /** * @brief Checks whether the submitted parameter is a resource * @param $resource the resource variable to check - * @return true if it is a resource, false otherwise + * @return boolean if it is a resource, false otherwise */ public function isResource($resource) { return is_resource($resource); @@ -144,6 +144,9 @@ class LDAP implements ILDAPWrapper { } } + /** + * @param string $functionName + */ private function preFunctionCall($functionName, $args) { $this->curFunc = $functionName; $this->curArgs = $args; diff --git a/apps/user_ldap/lib/proxy.php b/apps/user_ldap/lib/proxy.php index 30e1875901c..b27233bcd19 100644 --- a/apps/user_ldap/lib/proxy.php +++ b/apps/user_ldap/lib/proxy.php @@ -54,13 +54,21 @@ abstract class Proxy { return 'group-'.$gid.'-lastSeenOn'; } + /** + * @param boolean $passOnWhen + * @param string $method + */ abstract protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen); + + /** + * @param string $method + */ abstract protected function walkBackends($id, $method, $parameters); /** * @brief Takes care of the request to the User backend * @param $uid string, the uid connected to the request - * @param $method string, the method of the user backend that shall be called + * @param string $method string, the method of the user backend that shall be called * @param $parameters an array of parameters to be passed * @return mixed, the result of the specified method */ @@ -80,6 +88,9 @@ abstract class Proxy { return $prefix.md5($key); } + /** + * @param string $key + */ public function getFromCache($key) { if(!$this->isCached($key)) { return null; 
@@ -89,11 +100,17 @@ abstract class Proxy { return unserialize(base64_decode($this->cache->get($key))); } + /** + * @param string $key + */ public function isCached($key) { $key = $this->getCacheKey($key); return $this->cache->hasKey($key); } + /** + * @param string $key + */ public function writeToCache($key, $value) { $key = $this->getCacheKey($key); $value = base64_encode(serialize($value)); diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php index 00623b74fb1..e79090febc1 100644 --- a/apps/user_ldap/lib/wizard.php +++ b/apps/user_ldap/lib/wizard.php @@ -176,7 +176,7 @@ class Wizard extends LDAPUtility { /** * @brief return the state of the mode of the specified filter - * @param $confkey string, contains the access key of the Configuration + * @param string $confkey string, contains the access key of the Configuration */ private function getFilterMode($confkey) { $mode = $this->configuration->$confkey; @@ -240,6 +240,8 @@ class Wizard extends LDAPUtility { /** * @brief detects the available LDAP groups + * @param string $dbkey + * @param string $confkey * @returns the instance's WizardResult instance */ private function determineGroups($dbkey, $confkey, $testMemberOf = true) { @@ -554,7 +556,7 @@ class Wizard extends LDAPUtility { /** * @brief Checks whether for a given BaseDN results will be returned - * @param $base the BaseDN to test + * @param string $base the BaseDN to test * @return bool true on success, false otherwise */ private function testBaseDN($base) { @@ -619,7 +621,7 @@ class Wizard extends LDAPUtility { /** * @brief creates an LDAP Filter from given configuration - * @param $filterType int, for which use case the filter shall be created + * @param integer $filterType int, for which use case the filter shall be created * can be any of self::LFILTER_USER_LIST, self::LFILTER_LOGIN or * self::LFILTER_GROUP_LIST * @return mixed, string with the filter on success, false otherwise 
@@ -846,6 +848,9 @@ class Wizard extends LDAPUtility { || (empty($agent) && empty($pwd))); } + /** + * @param string[] $reqs + */ private function checkRequirements($reqs) { $this->checkAgentRequirements(); foreach($reqs as $option) { @@ -860,11 +865,11 @@ class Wizard extends LDAPUtility { /** * @brief does a cumulativeSearch on LDAP to get different values of a * specified attribute - * @param $filters array, the filters that shall be used in the search - * @param $attr the attribute of which a list of values shall be returned + * @param string[] $filters array, the filters that shall be used in the search + * @param string $attr the attribute of which a list of values shall be returned * @param $lfw bool, whether the last filter is a wildcard which shall not * be processed if there were already findings, defaults to true - * @param $maxF string. if not null, this variable will have the filter that + * @param string $maxF string. if not null, this variable will have the filter that * yields most result entries * @return mixed, an array with the values on success, false otherwise * @@ -926,10 +931,10 @@ class Wizard extends LDAPUtility { /** * @brief determines if and which $attr are available on the LDAP server - * @param $objectclasses the objectclasses to use as search filter - * @param $attr the attribute to look for - * @param $dbkey the dbkey of the setting the feature is connected to - * @param $confkey the confkey counterpart for the $dbkey as used in the + * @param string[] $objectclasses the objectclasses to use as search filter + * @param string $attr the attribute to look for + * @param string $dbkey the dbkey of the setting the feature is connected to + * @param string $confkey the confkey counterpart for the $dbkey as used in the * Configuration class * @param $po boolean, whether the objectClass with most result entries * shall be pre-selected via the result 
diff --git a/apps/user_ldap/templates/part.wizard-groupfilter.php b/apps/user_ldap/templates/part.wizard-groupfilter.php index 0cc4dfa572a..e460997b1bf 100644 --- a/apps/user_ldap/templates/part.wizard-groupfilter.php +++ b/apps/user_ldap/templates/part.wizard-groupfilter.php @@ -1,7 +1,7 @@ <fieldset id="ldapWizard4"> <div> <p> - <?php p($l->t('Limit the access to %s to groups meeting this criteria:', $theme->getName()));?> + <?php p($l->t('Groups meeting these criteria are available in %s:', $theme->getName()));?> </p> <p> <label for="ldap_groupfilter_objectclass"> diff --git a/apps/user_ldap/templates/part.wizard-loginfilter.php b/apps/user_ldap/templates/part.wizard-loginfilter.php index dc5d61e9f77..3dde46fa979 100644 --- a/apps/user_ldap/templates/part.wizard-loginfilter.php +++ b/apps/user_ldap/templates/part.wizard-loginfilter.php @@ -1,7 +1,7 @@ <fieldset id="ldapWizard3"> <div> <p> - <?php p($l->t('What attribute shall be used as login name:'));?> + <?php p($l->t('Users login with this attribute:'));?> </p> <p> <label for="ldap_loginfilter_username"> diff --git a/apps/user_ldap/templates/part.wizard-userfilter.php b/apps/user_ldap/templates/part.wizard-userfilter.php index c1d522ce2a6..eff9f89ce2c 100644 --- a/apps/user_ldap/templates/part.wizard-userfilter.php +++ b/apps/user_ldap/templates/part.wizard-userfilter.php @@ -1,7 +1,7 @@ <fieldset id="ldapWizard2"> <div> <p> - <?php p($l->t('Limit the access to %s to users meeting this criteria:', $theme->getName()));?> + <?php p($l->t('Limit %s access to users meeting these criteria:', $theme->getName()));?> </p> <p> <label for="ldap_userfilter_objectclass"> diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 619a992bd12..757de6b60f4 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php 
@@ -25,7 +25,6 @@ namespace OCA\user_ldap; -use OCA\user_ldap\lib\ILDAPWrapper; use OCA\user_ldap\lib\BackendUtility; class USER_LDAP extends BackendUtility implements \OCP\UserInterface { @@ -139,7 +138,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { * @brief reads the image from LDAP that shall be used as Avatar * @param $uid string, the ownCloud user name * @param $dn string, the user DN - * @return image data (provided by LDAP) | false + * @return string data (provided by LDAP) | false */ private function getAvatarImage($uid, $dn) { $attributes = array('jpegPhoto', 'thumbnailPhoto'); @@ -157,13 +156,15 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { /** * @brief Check if the password is correct - * @param $uid The username - * @param $password The password - * @returns true/false + * @param string $uid The username + * @param string $password The password + * @return boolean * * Check if the password is correct without logging in the user */ public function checkPassword($uid, $password) { + $uid = $this->access->escapeFilterPart($uid); + //find out dn of the user name $filter = \OCP\Util::mb_str_replace( '%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8'); @@ -204,6 +205,7 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface { * Get a list of all users. */ public function getUsers($search = '', $limit = 10, $offset = 0) { + $search = $this->access->escapeFilterPart($search); $cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset; //check if users are cached, if so return |
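Review bot: `checkPassword()` overwrites `$uid` with its filter-escaped form, so everything after the filter lookup sees the escaped string rather than the name the user supplied; the rest of the body is outside this hunk. Keeping the two apart makes it harder to reuse the escaped value in a non-filter context by accident: `$escapedUid = $this->access->escapeFilterPart($uid);`, then pass `$escapedUid` to `mb_str_replace()`. `getUsers()` in the last hunk does the same with `$search`, which also changes the `$cachekey` built from it. Both call sites depend on `escapeFilterPart()` escaping correctly, so its replacement order should be verified before relying on it for the login filter. Other code paths that put a login name or search term into an LDAP filter are not visible on this page and should be checked for the same call.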