diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 31 | ||||
-rw-r--r-- | lib/l10n/ady.php | 8 | ||||
-rw-r--r-- | lib/l10n/mk.php | 1 | ||||
-rw-r--r-- | lib/private/app.php | 13 | ||||
-rw-r--r-- | lib/private/connector/sabre/auth.php | 5 | ||||
-rw-r--r-- | lib/private/connector/sabre/directory.php | 18 | ||||
-rw-r--r-- | lib/private/connector/sabre/file.php | 15 | ||||
-rw-r--r-- | lib/private/connector/sabre/objecttree.php | 3 | ||||
-rw-r--r-- | lib/private/legacy/config.php | 12 | ||||
-rw-r--r-- | lib/private/user.php | 81 | ||||
-rw-r--r-- | lib/public/authentication/iapachebackend.php | 49 |
11 files changed, 216 insertions, 20 deletions
diff --git a/lib/base.php b/lib/base.php index 42182c21fb0..b0b2dca502f 100644 --- a/lib/base.php +++ b/lib/base.php @@ -489,6 +489,11 @@ class OC { if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id') && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) { + $sessionUser = self::$session->get('user_id'); + $serverUser = $_SERVER['PHP_AUTH_USER']; + OC_Log::write('core', + "Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).", + OC_Log::WARN); OC_User::logout(); } @@ -743,11 +748,17 @@ class OC { protected static function handleLogin() { OC_App::loadApps(array('prelogin')); $error = array(); + + // auth possible via apache module? + if (OC::tryApacheAuth()) { + $error[] = 'apacheauthfailed'; + } // remember was checked after last login - if (OC::tryRememberLogin()) { + elseif (OC::tryRememberLogin()) { $error[] = 'invalidcookie'; - // Someone wants to log in : - } elseif (OC::tryFormLogin()) { + } + // logon via web form + elseif (OC::tryFormLogin()) { $error[] = 'invalidpassword'; } @@ -765,6 +776,20 @@ class OC { } } + protected static function tryApacheAuth() { + $return = OC_User::handleApacheAuth(); + + // if return is true we are logged in -> redirect to the default page + if ($return === true) { + $_REQUEST['redirect_url'] = \OC_Request::requestUri(); + OC_Util::redirectToDefaultPage(); + exit; + } + + // in case $return is null apache based auth is not enabled + return is_null($return) ? false : true; + } + protected static function tryRememberLogin() { if (!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) diff --git a/lib/l10n/ady.php b/lib/l10n/ady.php new file mode 100644 index 00000000000..15f78e0bce6 --- /dev/null +++ b/lib/l10n/ady.php @@ -0,0 +1,8 @@ +<?php +$TRANSLATIONS = array( +"_%n minute ago_::_%n minutes ago_" => array("",""), +"_%n hour ago_::_%n hours ago_" => array("",""), +"_%n day go_::_%n days ago_" => array("",""), +"_%n month ago_::_%n months ago_" => array("","") +); +$PLURAL_FORMS = "nplurals=2; plural=(n != 1);"; diff --git a/lib/l10n/mk.php b/lib/l10n/mk.php index 285dfd682a4..19e36c868d0 100644 --- a/lib/l10n/mk.php +++ b/lib/l10n/mk.php @@ -5,6 +5,7 @@ $TRANSLATIONS = array( "Settings" => "Подесувања", "Users" => "Корисници", "Admin" => "Админ", +"Invalid image" => "Невалидна фотографија", "web services under your control" => "веб сервиси под Ваша контрола", "ZIP download is turned off." => "Преземање во ZIP е исклучено", "Files need to be downloaded one by one." => "Датотеките треба да се симнат една по една.", diff --git a/lib/private/app.php b/lib/private/app.php index 0ab1ee57f63..b4a71992178 100644 --- a/lib/private/app.php +++ b/lib/private/app.php @@ -165,10 +165,14 @@ class OC_App{ /** * get all enabled apps */ + private static $enabledAppsCache = array(); public static function getEnabledApps() { if(!OC_Config::getValue('installed', false)) { return array(); } + if(!empty(self::$enabledAppsCache)) { + return self::$enabledAppsCache; + } $apps=array('files'); $sql = 'SELECT `appid` FROM `*PREFIX*appconfig`' .' WHERE `configkey` = \'enabled\' AND `configvalue`=\'yes\''; @@ -187,6 +191,7 @@ class OC_App{ $apps[]=$row['appid']; } } + self::$enabledAppsCache = $apps; return $apps; } @@ -198,11 +203,11 @@ class OC_App{ * This function checks whether or not an app is enabled. */ public static function isEnabled( $app ) { - if( 'files'==$app or ('yes' == OC_Appconfig::getValue( $app, 'enabled' ))) { + if('files' == $app) { return true; } - - return false; + $enabledApps = self::getEnabledApps(); + return in_array($app, $enabledApps); } /** @@ -214,6 +219,7 @@ class OC_App{ * This function set an app as enabled in appconfig. */ public static function enable( $app ) { + self::$enabledAppsCache = array(); // flush if(!OC_Installer::isInstalled($app)) { // check if app is a shipped app or not. OCS apps have an integer as id, shipped apps use a string if(!is_numeric($app)) { @@ -257,6 +263,7 @@ class OC_App{ * This function set an app as disabled in appconfig. */ public static function disable( $app ) { + self::$enabledAppsCache = array(); // flush // check if app is a shipped app or not. if not delete \OC_Hook::emit('OC_App', 'pre_disable', array('app' => $app)); OC_Appconfig::setValue( $app, 'enabled', 'no' ); diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php index bf3a49593cb..d2fd74c44f9 100644 --- a/lib/private/connector/sabre/auth.php +++ b/lib/private/connector/sabre/auth.php @@ -72,6 +72,11 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic { * @return bool */ public function authenticate(Sabre_DAV_Server $server, $realm) { + + if (OC_User::handleApacheAuth()) { + return true; + } + if (OC_User::isLoggedIn()) { $user = OC_User::getUser(); OC_Util::setupFS($user); diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index af0dfd70f08..d0334780361 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -50,8 +50,22 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createFile($name, $data = null) { - if (!\OC\Files\Filesystem::isCreatable($this->path)) { - throw new \Sabre_DAV_Exception_Forbidden(); + // for chunked upload also updating a existing file is a "createFile" + // because we create all the chunks before reasamble them to the existing file. + if (isset($_SERVER['HTTP_OC_CHUNKED'])) { + + // exit if we can't create a new file and we don't updatable existing file + $info = OC_FileChunking::decodeName($name); + if (!\OC\Files\Filesystem::isCreatable($this->path) && + !\OC\Files\Filesystem::isUpdatable($this->path . '/' . $info['name'])) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + + } else { + // For non-chunked upload it is enough to check if we can create a new file + if (!\OC\Files\Filesystem::isCreatable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } } $path = $this->path . '/' . $name; diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php index 8ffec371e3f..037dba7f37b 100644 --- a/lib/private/connector/sabre/file.php +++ b/lib/private/connector/sabre/file.php @@ -45,7 +45,9 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D * @return string|null */ public function put($data) { + $fs = $this->getFS(); + if ($fs->file_exists($this->path) && !$fs->isUpdatable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); @@ -58,16 +60,18 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D // chunked handling if (isset($_SERVER['HTTP_OC_CHUNKED'])) { - list(, $name) = \Sabre_DAV_URLUtil::splitPath($this->path); + + list($path, $name) = \Sabre_DAV_URLUtil::splitPath($this->path); $info = OC_FileChunking::decodeName($name); if (empty($info)) { throw new Sabre_DAV_Exception_NotImplemented(); } + $chunk_handler = new OC_FileChunking($info); $chunk_handler->store($info['index'], $data); if ($chunk_handler->isComplete()) { - $newPath = $this->path . '/' . $info['name']; + $newPath = $path . '/' . $info['name']; $chunk_handler->file_assemble($newPath); return $this->getETagPropertyForPath($newPath); } @@ -78,6 +82,13 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D // mark file as partial while uploading (ignored by the scanner) $partpath = $this->path . '.part'; + // if file is located in /Shared we write the part file to the users + // root folder because we can't create new files in /shared + // we extend the name with a random number to avoid overwriting a existing file + if (dirname($partpath) === 'Shared') { + $partpath = pathinfo($partpath, PATHINFO_FILENAME) . rand() . '.part'; + } + try { $putOkay = $fs->file_put_contents($partpath, $data); if ($putOkay === false) { diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php index 80c3840b99d..df8902f66e2 100644 --- a/lib/private/connector/sabre/objecttree.php +++ b/lib/private/connector/sabre/objecttree.php @@ -87,6 +87,9 @@ class ObjectTree extends \Sabre_DAV_ObjectTree { if (!$fs->isUpdatable($destinationDir)) { throw new \Sabre_DAV_Exception_Forbidden(); } + if (!$fs->isDeletable($sourcePath)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } } $renameOkay = $fs->rename($sourcePath, $destinationPath); diff --git a/lib/private/legacy/config.php b/lib/private/legacy/config.php index 7e498013737..c457979113e 100644 --- a/lib/private/legacy/config.php +++ b/lib/private/legacy/config.php @@ -83,11 +83,7 @@ class OC_Config { * */ public static function setValue($key, $value) { - try { - self::$object->setValue($key, $value); - } catch (\OC\HintException $e) { - \OC_Template::printErrorPage($e->getMessage(), $e->getHint()); - } + self::$object->setValue($key, $value); } /** @@ -98,10 +94,6 @@ class OC_Config { * */ public static function deleteKey($key) { - try { - self::$object->deleteKey($key); - } catch (\OC\HintException $e) { - \OC_Template::printErrorPage($e->getMessage(), $e->getHint()); - } + self::$object->deleteKey($key); } } diff --git a/lib/private/user.php b/lib/private/user.php index 15e807088b4..04cd06b08bd 100644 --- a/lib/private/user.php +++ b/lib/private/user.php @@ -214,6 +214,55 @@ class OC_User { } /** + * @brief Try to login a user, assuming authentication + * has already happened (e.g. via Single Sign On). + * + * Log in a user and regenerate a new session. + * + * @param \OCP\Authentication\IApacheBackend $backend + * @return bool + */ + public static function loginWithApache(\OCP\Authentication\IApacheBackend $backend) { + + $uid = $backend->getCurrentUserId(); + $run = true; + OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid )); + + if($uid) { + session_regenerate_id(true); + self::setUserId($uid); + self::setDisplayName($uid); + OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' )); + return true; + } + return false; + } + + /** + * @brief Verify with Apache whether user is authenticated. + * + * @return boolean|null + * true: authenticated + * false: not authenticated + * null: not handled / no backend available + */ + public static function handleApacheAuth() { + $backend = self::findFirstActiveUsedBackend(); + if ($backend) { + OC_App::loadApps(); + + //setup extra user backends + self::setupBackends(); + self::unsetMagicInCookie(); + + return self::loginWithApache($backend); + } + + return null; + } + + + /** * @brief Sets user id for session and triggers emit */ public static function setUserId($uid) { @@ -260,6 +309,22 @@ class OC_User { } /** + * Supplies an attribute to the logout hyperlink. The default behaviour + * is to return an href with '?logout=true' appended. However, it can + * supply any attribute(s) which are valid for <a>. + * + * @return string with one or more HTML attributes. + */ + public static function getLogoutAttribute() { + $backend = self::findFirstActiveUsedBackend(); + if ($backend) { + return $backend->getLogoutAttribute(); + } + + return "href=" . link_to('', 'index.php') . "?logout=true"; + } + + /** * @brief Check if the user is an admin user * @param string $uid uid of the admin * @return bool @@ -497,4 +562,20 @@ class OC_User { public static function unsetMagicInCookie() { self::getUserSession()->unsetMagicInCookie(); } + + /** + * @brief Returns the first active backend from self::$_usedBackends. + * @return null if no backend active, otherwise OCP\Authentication\IApacheBackend + */ + private static function findFirstActiveUsedBackend() { + foreach (self::$_usedBackends as $backend) { + if ($backend instanceof OCP\Authentication\IApacheBackend) { + if ($backend->isSessionActive()) { + return $backend; + } + } + } + + return null; + } } diff --git a/lib/public/authentication/iapachebackend.php b/lib/public/authentication/iapachebackend.php new file mode 100644 index 00000000000..5376baf525c --- /dev/null +++ b/lib/public/authentication/iapachebackend.php @@ -0,0 +1,49 @@ +<?php + +/** + * ownCloud - Apache backend + * + * @author Karl Beecher + * @copyright 2013 Karl Beecher - karl@endocode.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCP\Authentication; + +interface IApacheBackend { + + /** + * In case the user has been authenticated by Apache true is returned. + * + * @return boolean whether Apache reports a user as currently logged in. + */ + public function isSessionActive(); + + /** + * Creates an attribute which is added to the logout hyperlink. It can + * supply any attribute(s) which are valid for <a>. + * + * @return string with one or more HTML attributes. + */ + public function getLogoutAttribute(); + + /** + * Return the id of the current user + * @return string + */ + public function getCurrentUserId(); + +} |