summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/base.php31
-rw-r--r--lib/l10n/ady.php8
-rw-r--r--lib/l10n/mk.php1
-rw-r--r--lib/private/app.php13
-rw-r--r--lib/private/connector/sabre/auth.php5
-rw-r--r--lib/private/connector/sabre/directory.php18
-rw-r--r--lib/private/connector/sabre/file.php15
-rw-r--r--lib/private/connector/sabre/objecttree.php3
-rw-r--r--lib/private/legacy/config.php12
-rw-r--r--lib/private/user.php81
-rw-r--r--lib/public/authentication/iapachebackend.php49
11 files changed, 216 insertions, 20 deletions
diff --git a/lib/base.php b/lib/base.php
index 42182c21fb0..b0b2dca502f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -489,6 +489,11 @@ class OC {
if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
+ $sessionUser = self::$session->get('user_id');
+ $serverUser = $_SERVER['PHP_AUTH_USER'];
+ OC_Log::write('core',
+ "Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).",
+ OC_Log::WARN);
OC_User::logout();
}
@@ -743,11 +748,17 @@ class OC {
protected static function handleLogin() {
OC_App::loadApps(array('prelogin'));
$error = array();
+
+ // auth possible via apache module?
+ if (OC::tryApacheAuth()) {
+ $error[] = 'apacheauthfailed';
+ }
// remember was checked after last login
- if (OC::tryRememberLogin()) {
+ elseif (OC::tryRememberLogin()) {
$error[] = 'invalidcookie';
- // Someone wants to log in :
- } elseif (OC::tryFormLogin()) {
+ }
+ // logon via web form
+ elseif (OC::tryFormLogin()) {
$error[] = 'invalidpassword';
}
@@ -765,6 +776,20 @@ class OC {
}
}
+ protected static function tryApacheAuth() {
+ $return = OC_User::handleApacheAuth();
+
+ // if return is true we are logged in -> redirect to the default page
+ if ($return === true) {
+ $_REQUEST['redirect_url'] = \OC_Request::requestUri();
+ OC_Util::redirectToDefaultPage();
+ exit;
+ }
+
+ // in case $return is null apache based auth is not enabled
+ return is_null($return) ? false : true;
+ }
+
protected static function tryRememberLogin() {
if (!isset($_COOKIE["oc_remember_login"])
|| !isset($_COOKIE["oc_token"])
diff --git a/lib/l10n/ady.php b/lib/l10n/ady.php
new file mode 100644
index 00000000000..15f78e0bce6
--- /dev/null
+++ b/lib/l10n/ady.php
@@ -0,0 +1,8 @@
+<?php
+$TRANSLATIONS = array(
+"_%n minute ago_::_%n minutes ago_" => array("",""),
+"_%n hour ago_::_%n hours ago_" => array("",""),
+"_%n day go_::_%n days ago_" => array("",""),
+"_%n month ago_::_%n months ago_" => array("","")
+);
+$PLURAL_FORMS = "nplurals=2; plural=(n != 1);";
diff --git a/lib/l10n/mk.php b/lib/l10n/mk.php
index 285dfd682a4..19e36c868d0 100644
--- a/lib/l10n/mk.php
+++ b/lib/l10n/mk.php
@@ -5,6 +5,7 @@ $TRANSLATIONS = array(
"Settings" => "Подесувања",
"Users" => "Корисници",
"Admin" => "Админ",
+"Invalid image" => "Невалидна фотографија",
"web services under your control" => "веб сервиси под Ваша контрола",
"ZIP download is turned off." => "Преземање во ZIP е исклучено",
"Files need to be downloaded one by one." => "Датотеките треба да се симнат една по една.",
diff --git a/lib/private/app.php b/lib/private/app.php
index 0ab1ee57f63..b4a71992178 100644
--- a/lib/private/app.php
+++ b/lib/private/app.php
@@ -165,10 +165,14 @@ class OC_App{
/**
* get all enabled apps
*/
+ private static $enabledAppsCache = array();
public static function getEnabledApps() {
if(!OC_Config::getValue('installed', false)) {
return array();
}
+ if(!empty(self::$enabledAppsCache)) {
+ return self::$enabledAppsCache;
+ }
$apps=array('files');
$sql = 'SELECT `appid` FROM `*PREFIX*appconfig`'
.' WHERE `configkey` = \'enabled\' AND `configvalue`=\'yes\'';
@@ -187,6 +191,7 @@ class OC_App{
$apps[]=$row['appid'];
}
}
+ self::$enabledAppsCache = $apps;
return $apps;
}
@@ -198,11 +203,11 @@ class OC_App{
* This function checks whether or not an app is enabled.
*/
public static function isEnabled( $app ) {
- if( 'files'==$app or ('yes' == OC_Appconfig::getValue( $app, 'enabled' ))) {
+ if('files' == $app) {
return true;
}
-
- return false;
+ $enabledApps = self::getEnabledApps();
+ return in_array($app, $enabledApps);
}
/**
@@ -214,6 +219,7 @@ class OC_App{
* This function set an app as enabled in appconfig.
*/
public static function enable( $app ) {
+ self::$enabledAppsCache = array(); // flush
if(!OC_Installer::isInstalled($app)) {
// check if app is a shipped app or not. OCS apps have an integer as id, shipped apps use a string
if(!is_numeric($app)) {
@@ -257,6 +263,7 @@ class OC_App{
* This function set an app as disabled in appconfig.
*/
public static function disable( $app ) {
+ self::$enabledAppsCache = array(); // flush
// check if app is a shipped app or not. if not delete
\OC_Hook::emit('OC_App', 'pre_disable', array('app' => $app));
OC_Appconfig::setValue( $app, 'enabled', 'no' );
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index bf3a49593cb..d2fd74c44f9 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -72,6 +72,11 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic {
* @return bool
*/
public function authenticate(Sabre_DAV_Server $server, $realm) {
+
+ if (OC_User::handleApacheAuth()) {
+ return true;
+ }
+
if (OC_User::isLoggedIn()) {
$user = OC_User::getUser();
OC_Util::setupFS($user);
diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php
index af0dfd70f08..d0334780361 100644
--- a/lib/private/connector/sabre/directory.php
+++ b/lib/private/connector/sabre/directory.php
@@ -50,8 +50,22 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
*/
public function createFile($name, $data = null) {
- if (!\OC\Files\Filesystem::isCreatable($this->path)) {
- throw new \Sabre_DAV_Exception_Forbidden();
+ // for chunked upload also updating a existing file is a "createFile"
+ // because we create all the chunks before reasamble them to the existing file.
+ if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
+
+ // exit if we can't create a new file and we don't updatable existing file
+ $info = OC_FileChunking::decodeName($name);
+ if (!\OC\Files\Filesystem::isCreatable($this->path) &&
+ !\OC\Files\Filesystem::isUpdatable($this->path . '/' . $info['name'])) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
+ } else {
+ // For non-chunked upload it is enough to check if we can create a new file
+ if (!\OC\Files\Filesystem::isCreatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
}
$path = $this->path . '/' . $name;
diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php
index 8ffec371e3f..037dba7f37b 100644
--- a/lib/private/connector/sabre/file.php
+++ b/lib/private/connector/sabre/file.php
@@ -45,7 +45,9 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
* @return string|null
*/
public function put($data) {
+
$fs = $this->getFS();
+
if ($fs->file_exists($this->path) &&
!$fs->isUpdatable($this->path)) {
throw new \Sabre_DAV_Exception_Forbidden();
@@ -58,16 +60,18 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
// chunked handling
if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
- list(, $name) = \Sabre_DAV_URLUtil::splitPath($this->path);
+
+ list($path, $name) = \Sabre_DAV_URLUtil::splitPath($this->path);
$info = OC_FileChunking::decodeName($name);
if (empty($info)) {
throw new Sabre_DAV_Exception_NotImplemented();
}
+
$chunk_handler = new OC_FileChunking($info);
$chunk_handler->store($info['index'], $data);
if ($chunk_handler->isComplete()) {
- $newPath = $this->path . '/' . $info['name'];
+ $newPath = $path . '/' . $info['name'];
$chunk_handler->file_assemble($newPath);
return $this->getETagPropertyForPath($newPath);
}
@@ -78,6 +82,13 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
// mark file as partial while uploading (ignored by the scanner)
$partpath = $this->path . '.part';
+ // if file is located in /Shared we write the part file to the users
+ // root folder because we can't create new files in /shared
+ // we extend the name with a random number to avoid overwriting a existing file
+ if (dirname($partpath) === 'Shared') {
+ $partpath = pathinfo($partpath, PATHINFO_FILENAME) . rand() . '.part';
+ }
+
try {
$putOkay = $fs->file_put_contents($partpath, $data);
if ($putOkay === false) {
diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php
index 80c3840b99d..df8902f66e2 100644
--- a/lib/private/connector/sabre/objecttree.php
+++ b/lib/private/connector/sabre/objecttree.php
@@ -87,6 +87,9 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
if (!$fs->isUpdatable($destinationDir)) {
throw new \Sabre_DAV_Exception_Forbidden();
}
+ if (!$fs->isDeletable($sourcePath)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
}
$renameOkay = $fs->rename($sourcePath, $destinationPath);
diff --git a/lib/private/legacy/config.php b/lib/private/legacy/config.php
index 7e498013737..c457979113e 100644
--- a/lib/private/legacy/config.php
+++ b/lib/private/legacy/config.php
@@ -83,11 +83,7 @@ class OC_Config {
*
*/
public static function setValue($key, $value) {
- try {
- self::$object->setValue($key, $value);
- } catch (\OC\HintException $e) {
- \OC_Template::printErrorPage($e->getMessage(), $e->getHint());
- }
+ self::$object->setValue($key, $value);
}
/**
@@ -98,10 +94,6 @@ class OC_Config {
*
*/
public static function deleteKey($key) {
- try {
- self::$object->deleteKey($key);
- } catch (\OC\HintException $e) {
- \OC_Template::printErrorPage($e->getMessage(), $e->getHint());
- }
+ self::$object->deleteKey($key);
}
}
diff --git a/lib/private/user.php b/lib/private/user.php
index 15e807088b4..04cd06b08bd 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -214,6 +214,55 @@ class OC_User {
}
/**
+ * @brief Try to login a user, assuming authentication
+ * has already happened (e.g. via Single Sign On).
+ *
+ * Log in a user and regenerate a new session.
+ *
+ * @param \OCP\Authentication\IApacheBackend $backend
+ * @return bool
+ */
+ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backend) {
+
+ $uid = $backend->getCurrentUserId();
+ $run = true;
+ OC_Hook::emit( "OC_User", "pre_login", array( "run" => &$run, "uid" => $uid ));
+
+ if($uid) {
+ session_regenerate_id(true);
+ self::setUserId($uid);
+ self::setDisplayName($uid);
+ OC_Hook::emit( "OC_User", "post_login", array( "uid" => $uid, 'password'=>'' ));
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * @brief Verify with Apache whether user is authenticated.
+ *
+ * @return boolean|null
+ * true: authenticated
+ * false: not authenticated
+ * null: not handled / no backend available
+ */
+ public static function handleApacheAuth() {
+ $backend = self::findFirstActiveUsedBackend();
+ if ($backend) {
+ OC_App::loadApps();
+
+ //setup extra user backends
+ self::setupBackends();
+ self::unsetMagicInCookie();
+
+ return self::loginWithApache($backend);
+ }
+
+ return null;
+ }
+
+
+ /**
* @brief Sets user id for session and triggers emit
*/
public static function setUserId($uid) {
@@ -260,6 +309,22 @@ class OC_User {
}
/**
+ * Supplies an attribute to the logout hyperlink. The default behaviour
+ * is to return an href with '?logout=true' appended. However, it can
+ * supply any attribute(s) which are valid for <a>.
+ *
+ * @return string with one or more HTML attributes.
+ */
+ public static function getLogoutAttribute() {
+ $backend = self::findFirstActiveUsedBackend();
+ if ($backend) {
+ return $backend->getLogoutAttribute();
+ }
+
+ return "href=" . link_to('', 'index.php') . "?logout=true";
+ }
+
+ /**
* @brief Check if the user is an admin user
* @param string $uid uid of the admin
* @return bool
@@ -497,4 +562,20 @@ class OC_User {
public static function unsetMagicInCookie() {
self::getUserSession()->unsetMagicInCookie();
}
+
+ /**
+ * @brief Returns the first active backend from self::$_usedBackends.
+ * @return null if no backend active, otherwise OCP\Authentication\IApacheBackend
+ */
+ private static function findFirstActiveUsedBackend() {
+ foreach (self::$_usedBackends as $backend) {
+ if ($backend instanceof OCP\Authentication\IApacheBackend) {
+ if ($backend->isSessionActive()) {
+ return $backend;
+ }
+ }
+ }
+
+ return null;
+ }
}
diff --git a/lib/public/authentication/iapachebackend.php b/lib/public/authentication/iapachebackend.php
new file mode 100644
index 00000000000..5376baf525c
--- /dev/null
+++ b/lib/public/authentication/iapachebackend.php
@@ -0,0 +1,49 @@
+<?php
+
+/**
+ * ownCloud - Apache backend
+ *
+ * @author Karl Beecher
+ * @copyright 2013 Karl Beecher - karl@endocode.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCP\Authentication;
+
+interface IApacheBackend {
+
+ /**
+ * In case the user has been authenticated by Apache true is returned.
+ *
+ * @return boolean whether Apache reports a user as currently logged in.
+ */
+ public function isSessionActive();
+
+ /**
+ * Creates an attribute which is added to the logout hyperlink. It can
+ * supply any attribute(s) which are valid for <a>.
+ *
+ * @return string with one or more HTML attributes.
+ */
+ public function getLogoutAttribute();
+
+ /**
+ * Return the id of the current user
+ * @return string
+ */
+ public function getCurrentUserId();
+
+}